Network requirements, Configuration procedure – H3C Technologies H3C SecBlade FW Cards User Manual
Page 8
7
To do…
Use the command…
Remarks
Display VLAN information
display vlan [ vlan-id1 [ to vlan-id2 ] | all |
dynamic | reserved | static ]
Available in any view
Layer 3 subinterface forwarding configuration
example
Network requirements
As shown in
, traffic between GigabitEthernet 3/0/1 and GigabitEthernet 3/0/2 is filtered by
a firewall card, and Layer 3 subinterface forwarding needs to be configured.
•
Configure the operating mode of GigabitEthernet 3/0/1 and GigabitEthernet 3/0/2 of the switch
as access. Assign them to VLAN 102 and VLAN 103 respectively.
•
Ten-GigabitEthernet 2/0/1 of the switch connects to ten-GigabitEthernet 0/0 of the firewall card.
Configure ten-GigabitEthernet 2/0/1 as a trunk port.
•
Configure the operating mode of the firewall card's ten-GigabitEthernet interface as Layer 3.
Configure two subinterfaces, ten-GigabitEthernet 0/0.1 and ten-GigabitEthernet 0/0.2, and set
their encapsulation type to dot1q. Associate ten-GigabitEthernet 0/0.1 with VLAN 102 and
ten-GigabitEthernet 0/0.2 with VLAN 103.
•
Assign IP address 102.0.0.3/24 to ten-GigabitEthernet 0/0.1 and 103.0.0.3/24 to
ten-GigabitEthernet 0/0.2.
•
Add one subinterface to the security zone Trust and the other subinterface to Untrust.
Figure 2 Network diagram for Layer 3 subinterface forwarding
Configuration procedure
1.
Configure the ports on the switch.
# Create VLAN 102 and VLAN 103. Assign GigabitEthernet 3/0/1 to VLAN 102 and GigabitEthernet
3/0/2 to VLAN 103.
[Sysname] vlan 102
[Sysname-vlan102] port GigabitEthernet 3/0/1
[Sysname-vlan102] vlan 103
[Sysname-vlan103] port GigabitEthernet 3/0/2
[Sysname-vlan103] quit