Configuration procedure, Network requirements – H3C Technologies H3C SecBlade FW Cards User Manual
Page 8
7
Configuration procedure
# Create forward-type inline Layer 2 forwarding entry 1.
[Sysname] inline-interfaces 1
# Assign GigabitEthernet 0/1 to forward-type inline Layer 2 forwarding entry 1.
[Sysname] interface GigabitEthernet 0/1
[Sysname-GigabitEthernet0/1] port inline-interfaces 1
# Assign GigabitEthernet 0/2 to forward-type inline Layer 2 forwarding entry 1.
[Sysname-GigabitEthernet0/1] interface GigabitEthernet 0/2
[Sysname-GigabitEthernet0/2] port inline-interfaces 1
Blackhole-type inline Layer 2 forwarding
configuration example
Network requirements
Configure blackhole-type inline Layer 2 forwarding on GigabitEthernet 0/1. Then packets received on
GigabitEthernet 0/1 are directly dropped.
Configuration Procedure
# Create blackhole-type inline Layer 2 forwarding entry 1.
[Sysname] inline-interfaces 1 blackhole
# Assign GigabitEthernet 0/1 to blackhole-type inline Layer 2 forwarding entry 1.
[Sysname] interface GigabitEthernet 0/1
[Sysname-GigabitEthernet0/1] port inline-interfaces 1
Inter-VLAN Layer 2 forwarding configuration
example
Network requirements
As shown in
, traffic between GigabitEthernet 3/0/1 and GigabitEthernet 3/0/2 is filtered by
a firewall card, and inter-VLAN Layer 2 forwarding needs to be configured.
•
Configure the operating mode of GigabitEthernet 3/0/1 and GigabitEthernet 3/0/2 of the switch
as access. Assign them to VLAN 102 and VLAN 103 respectively.
•
Ten-GigabitEthernet 2/0/1 of the switch connects to Ten-GigabitEthernet 0/0 of the firewall card.
Configure the operating mode of the two interfaces as Layer 2 and the link type as trunk.
•
Create two subinterfaces Ten-GigabitEthernet 0/0.102 and Ten-GigabitEthernet 0/0.103 for
Ten-GigabitEthernet 0/0. Configure their operating mode as Layer 2 and the link type as access.
Assign them to VLAN 1000.