Configuring general layer 2 forwarding, Configuring inline layer 2 forwarding – H3C Technologies H3C SecBlade FW Cards User Manual

Page 3

•

Configure subinterfaces for the Ethernet port of the firewall card and use the IDs of the two VLANs

created on the switch as their interface numbers respectively.

Inter-VLAN Layer 2 forwarding operates as follows:

After receiving a packet, the switch adds the VLAN tag of the receiving interface to the packet and
if the packet is not destined to the VLAN the switch tagged, sends the packet to the firewall card

through the trunk port in between.

The firewall card replaces the VLAN tag of the packet with its own VLAN tag and then handles the
packet according to security settings.

The firewall card replaces its VLAN tag of the packet with that contained in the interface number
of the egress subinterface and sends it to the switch (the egress subinterface is found through a
MAC address table lookup).

The switch forwards the packet toward the destination.

Configuring general Layer 2 forwarding

General Layer 2 forwarding is enabled by default.

Displaying and maintaining general Layer 2 forwarding

To do…

Use the command…

Remarks

Display general and inline Layer 2
forwarding statistics

display bridge forwarding
statistics [ interface interface-type
interface-number ]

Available in any view

Clear all general and inline Layer
2 forwarding statistics

reset bridge forwarding statistics

Available in user view

NOTE:

The display bridge forwarding statistics and reset bridge forwarding statistics commands are available
only on the SECBLADEII-CMW520-R3166 version.

Configuring inline Layer 2 forwarding

A complete inline Layer 2 forwarding configuration contains an ID, which uniquely identifies an inline

forwarding entry, and two interfaces. A packet coming from one interface goes out of the other. Inline

Layer 2 forwarding is supported on Layer 2 ports only.