beautypg.com

Configuring inter-vlan layer 3 forwarding – H3C Technologies H3C SecBlade FW Cards User Manual

Page 5

background image

4

To do…

Use the command

Remarks

Assign an IP address to the
subinterface

ip address ip-address { mask |
mask-length } [ sub ]

Required
By default, no IP address is
configured for the subinterface.

Add the subinterface to a
security zone

Enter the Web page and select Device
Management > Zone. On the modify zone
page, add the subinterface to the zone.

Required
This security zone is for incoming
packets.

Create another subinterface
and enter subinterface view

interface ten-gigabitethernet
interface-number.subnumber

Required

Set the encapsulation type
and associate the

subinterface with a VLAN

vlan-type dot1q vid vid

Optional
The subinterface receives packets
with the vid.

Assign an IP address to the
subinterface

ip address ip-address { mask |
mask-length } [ sub ]

Required
By default, no IP address is
configured for the subinterface.

Add the subinterface to a
security zone

Enter the Web page and select Device
Management > Zone. On the modify zone

page, add the subinterface to the zone.

Required
This security zone is for outgoing
packets.

Configuring inter-VLAN Layer 3 forwarding

NOTE:

For the inter-VLAN Layer 3 forwarding commands, see the command reference.

Configuring inter-VLAN Layer 3 forwarding

Perform the following configurations to achieve inter-VLAN Layer 3 forwarding.

1.

Configure the ports of the switch

Create two VLANs. Assign the ingress port to one VLAN and the egress port to the other.

Configure the switch’s ten-GigabitEthernet port that connects to the firewall card as a trunk port and
configure the trunk port to join these two VLANs.

2.

Configure the firewall card

Create two VLANs, in which packets from the switch are forwarded.

Configure the operating mode of the ten-GigabitEthernet interface that connects to the switch as
Layer 2 mode, and configure the link type as trunk. Assign the interface to the two VLANs created

on the switch.

Create two VLAN interfaces with the same numbers as VLANs created on the switch for the
ten-GigabitEthernet interface.

Assign IP addresses for the two VLAN interfaces.

Add the firewall card's ten-GigabitEthernet interface and the VLAN interfaces to the security zones.

See also other documents in the category H3C Technologies Safety: