Configuring the firewall card – H3C Technologies H3C SecBlade FW Cards User Manual
Page 6
5
To do…
Use the command…
Remarks
Configure the default VLAN on the
trunk port
port trunk pvid vlan vlan-id
Optional
The default VLAN cannot be one of
the previously configured two
VLANs.
Configuring the firewall card
Follow these steps to configure the firewall card:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Create VLANs for the firewall card
and enter VLAN view
vlan vlan-id Required
Exit to system view
quit
—
Enter the view of the
ten-GigabitEthernet interface that
connects to the switch
interface ten-gigabitethernet
interface-number
Required
Configure the operating mode of
the interface as Layer 2
port link-mode bridge
Required
The default operating mode is
Layer 3.
Configure the link type of the
ten-GigabitEthernet interface as
trunk
port link-type trunk
Required
Assign the trunk port to the
specified VLANs
port trunk permit vlan { vlan-id-list
| all }
Required
The VLAN of the firewall and the
VLANs of the subinterfaces of the
ten-GigabitEthernet interface must
be included.
Create a subinterface of the
ten-GigabitEthernet interface and
enter subinterface view
interface ten-gigabitethernet
interface-number.subnumber
Required
The subnumber must be one of the
VLAN IDs created on the switch.
Configure the operating mode of
the subinterface as Layer 2
port link-mode bridge
Required
The operating mode must be
consistent with that of the
ten-GigabitEthernet interface.
Configure the link type of the
subinterface as access
port link-type access
Optional
By default, the link type of a
subinterface is access.
Assign the subinterface to the
VLAN of the firewall card
port access vlan vlan-id Required
Add the subinterface to a security
zone
Enter the Web page and select
Device Management > Zone. On
the modify zone page, add the
subinterface to a zone.
Required
This security zone is for incoming
packets.