Configure the ports of the switch, Configure the firewall card – H3C Technologies H3C SecPath F1000-E User Manual

265

•

Create two subinterfaces for the firewall card's ten-GigabitEthernet port. Associate them with the

VLANs created on the switch and set the encapsulation type as dot1q.

•

Assign IP addresses for the two subinterfaces.

•

Add these two subinterfaces to security zones.

NOTE:

To achieve Layer 3 forwarding between VLANs, you can create these VLANs on the swtich and configure
the same number of subinterfaces for the ten-GigabitEthernet interface on the firewall card. Then add the

subinterfaces to security zones.

Configure the ports of the switch

Follow these steps to configure the ports of the switch:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Create a VLAN and enter VLAN
view

vlan vlan-id Required

Assign the access port(s) to the
VLAN

port interface-list

Required
By default, all ports belong to
VLAN 1.

Create another VLAN and enter
VLAN view

vlan vlan-id

Required

Assign the access port(s) to the
VLAN

port interface-list

Required
By default, all ports belong to
VLAN 1.

Enter the view of the
ten-GigabitEthernet interface that

connects to the firewall card

interface Ten-GigabitEthernet
interface-number

Required

Configure the link type of the
interface as trunk

port link-type trunk

Required

Assign the trunk port to the two
VLANs

port trunk permit vlan { vlan-id-list |
all }

Required

Configure the default VLAN for the
trunk port

port trunk pvid vlan vlan-id

Optional
The default VLAN cannot be one of
the previously configured two

VLANs.

Configure the firewall card

Follow these steps to configure the firewall card:

To do…

Use the command

Remarks

Enter system view

system-view

—

Enter the view of the
ten-GigabitEthernet interface that
connects to the switch

interface ten-gigabitEthernet
interface-number

Required