Network requirements, Configuring the switch – H3C Technologies H3C SecPath F1000-E User Manual

261

The ping operation from Host A to Host B is successful after the configuration.

Local proxy ARP configuration example in isolate-user-VLAN

Network requirements

As shown in

Figure 167

, the switch is attached to the SecPath. VLAN 5 on the switch is an

isolate-user-VLAN, which includes uplink port Ethernet 1/2 and two secondary VLANs, VLAN 2 and
VLAN 3. Ethernet 1/3 belongs to VLAN 2, and Ethernet 1/1 belongs to VLAN 3. Host A belongs to

VLAN 2 and connects to Ethernet 1/3 of the switch. Host B belongs to VLAN 3 and connects to Ethernet

1/1 of the switch.
As Host A and Host B belong to different secondary VLANs, they are isolated at Layer 2. Configure local
proxy ARP on the SecPath to implement Layer 3 communication between Host A and Host B.

Figure 167 Network diagram

Configuring the switch

# Create VLAN 2, VLAN 3, and VLAN 5 on the switch. Add Ethernet 1/3 to VLAN 2, Ethernet 1/1 to

VLAN 3, and Ethernet 1/2 to VLAN 5. Configure VLAN 5 as the isolate-user-VLAN, and VLAN 2 and

VLAN 3 as secondary VLANs. Configure the mappings between isolate-user-VLAN and the secondary

VLANs.

system-view

[Switch] vlan 2

[Switch-vlan2] port ethernet 1/3

[Switch-vlan2] quit

[Switch] vlan 3

[Switch-vlan3] port ethernet 1/1

[Switch-vlan3] quit

[Switch] vlan 5

[Switch-vlan5] port ethernet 1/2

[Switch-vlan5] isolate-user-vlan enable

[Switch-vlan5] quit

[Switch] isolate-user-vlan 5 secondary 2 3