beautypg.com

Configuring inter-vlan layer 2 forwarding, Configuring the ports of the switch – H3C Technologies H3C SecBlade FW Cards User Manual

Page 5

background image

4

Configuring inter-VLAN Layer 2 forwarding

Perform the following configurations to achieve Layer 2 forwarding between two VLANs.

1.

Configure the ports of the switch.

Create two VLANs. Assign the ingress port of traffic to one VLAN and the egress port to the other.

Configure the switch’s ten-GigabitEthernet port that connects to the firewall card as a trunk port and
configure the trunk port to join these two VLANs.

2.

Configure the firewall card.

Create three VLANs. Two VLANs have the same IDs with those configured on the switch and the
third one is VLAN X.

Configure the operating mode of the ten-GigabitEthernet interface that connects to the switch as
Layer 2 mode, and configure the link type of the interface as trunk.

Create two subinterfaces for the ten-GigabitEthernet interface, and use the IDs of those two VLANs
created on the switch as their interface numbers respectively. Set the link type of the subinterfaces

as access and assign the two subinterfaces to VLAN X.

Add the two subinterfaces of the ten-GigabitEthernet interface to different security zones.

NOTE:

To achieve Layer 2 forwarding between VLANs, you can create these VLANs on the switch and configure
the same number of subinterfaces for the ten-GigabitEthernet interface on the firewall card. Then add the

subinterfaces to security zones.

Configuring the ports of the switch

Follow these steps to configure the ports of the switch:

To do…

Use the command…

Remarks

Enter system view

system-view

Create a VLAN and enter VLAN
view

vlan vlan-id Required

Assign the access port(s) to the
VLAN

port interface-list

Required
By default, all ports belong to
VLAN 1.

Create another VLAN and enter
VLAN view

vlan vlan-id

Required

Assign the access port(s) to the
VLAN

port interface-list

Required
By default, all ports belong to
VLAN 1.

Enter the view of the
ten-GigabitEthernet interface that

connects to the firewall card

interface ten-gigabitethernet
interface-number

Required

Configure the link type of the
interface as trunk

port link-type trunk

Required

Assign the trunk port to the two
VLANs

port trunk permit vlan { vlan-id-list |
all }

Required

See also other documents in the category H3C Technologies Safety: