beautypg.com

Layer 2 forwarding configuration, Layer 2 forwarding overview, General layer 2 forwarding – H3C Technologies H3C SecBlade FW Cards User Manual

Page 2: Inline layer 2 forwarding, Inter-vlan layer 2 forwarding

background image

1

Layer 2 forwarding configuration

Layer 2 forwarding overview

Layer 2 forwarding involves general, inline, and inter-VLAN Layer 2 forwarding. The former two are

supported on physical ports on the front panel of the device. It is not recommended that these physical
ports function as service ports.

General Layer 2 forwarding

If the destination MAC address of an incoming packet matches the MAC address of the receiving Layer
3 interface, the device forwards the packet through that interface. If not, the device performs general

Layer 2 forwarding through a Layer 2 interface. The device looks up the MAC address table according

to the destination MAC address of the incoming packet, obtains the outgoing interface, and then

forwards the packet through the interface.

Inline Layer 2 forwarding

Inline Layer 2 forwarding comprises three types: forward, reflect, and blackhole.

The forward type allows a device to forward packets received on an interface through another

interface, rather than through looking up the MAC address table.

The reflect type allows a device to forward a packet through the interface that received the packet.

The blackhole type allows a device to discard the received packets after processing.

The inline Layer 2 forwarding feature is supported on the interfaces and subinterfaces of the high-end
firewall series.

Inter-VLAN Layer 2 forwarding

Inter-VLAN Layer 2 forwarding accomplishes communications between VLANs at the data link layer, and

typically used on firewall cards.
Firewall cards are new products launched by H3C for various network applications. As shown in

Figure

1

, a firewall card works with a switch to filter Layer 2 traffic arriving at the switch before performing

inter-VLAN Layer 2 forwarding.

Figure 1 Inter-VLAN Layer 2 forwarding

The following prerequisites are necessary for inter-VLAN Layer 2 forwarding:

The ingress interface and egress interface on the switch belong to different VLANs.

The Ethernet ports at both ends of the link between the switch and the firewall card are configured
as trunk ports.

See also other documents in the category H3C Technologies Safety: