Configuring inter-vlan layer 3 forwarding, Configure the ports of the switch – H3C Technologies H3C SecPath F1000-E User Manual

Page 292

267

Configuring inter-VLAN Layer 3 forwarding

For the Layer 3 subinteface forwarding configuration commands, see the Interface Configuration
Commands in the Network Management Command Reference.

Configuring inter-VLAN Layer 3 forwarding

Perform the following configurations to achieve inter-VLAN Layer 3 forwarding.

Configure the ports of the switch

•

Create two VLANs. Assign the ingress port to one VLAN and the egress port to the other.

•

Configure the switch’s ten-GigabitEthernet port that connects to the firewall card as a trunk port and
configure the trunk port to join these two VLANs.

Configure the firewall card

•

Create two VLANs, in which packets from the switch are forwarded.

•

Configure the operating mode of the ten-GigabitEthernet interface that connects to the switch as
Layer 2 mode, and configure the link type as trunk. Assign the interface to the two VLANs created

on the switch.

•

Create two VLAN interfaces with the same numbers as VLANs created on the switch for the
ten-GigabitEthernet interface.

•

Assign IP addresses for the two VLAN interfaces.

•

Add the firewall card's ten-GigabitEthernet interface and the VLAN interfaces to the security zones.

NOTE:

To achieve Layer 3 forwarding between VLANs, you can create these VLANs on the swtich and configure
the same number of VLAN interfaces for the ten-GigabitEthernet interface on the firewall card. Then add
the firwall card's ten-GigabitEthernet interface and the VLAN interfaces to security zones.

Configure the ports of the switch

Follow these steps to configure the ports of the switch:

To do…

Use the command

Remarks

Enter system view

system-view

—

Create a VLAN and enter VLAN
view

vlan vlan-id Required

Assign the access port(s) to the
VLAN

port interface-list

Required
By default, all ports belong to

VLAN 1.

Create another VLAN and enter
VLAN view

vlan vlan-id

Required

Assign the access port(s) to the
VLAN

port interface-list

Required
By default, all ports belong to

VLAN 1.

This manual is related to the following products:

H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS H3C SecBlade LB Cards H3C SecPath L1000-A Load Balancer