beautypg.com

Configuration procedure – H3C Technologies H3C SecBlade FW Cards User Manual

Page 9

background image

8

Figure 2 Network diagram for inter-VLAN Layer 2 forwarding

Configuration procedure

1.

Configure the ports on the switch.

# Create VLAN 102 and VLAN 103. Assign GigabitEthernet 3/0/1 to VLAN 102 and GigabitEthernet
3/0/2 to VLAN 103.

system-view

[Sysname] vlan 102

[Sysname-vlan102] port GigabitEthernet 3/0/1

[Sysname-vlan102] vlan 103

[Sysname-vlan103] port GigabitEthernet 3/0/2

[Sysname-vlan103] quit

# Configure the link type of Ten-GigabitEthernet 2/0/1 as trunk and assign the trunk port to VLAN 102,
and VLAN 103.

[Sysname] interface Ten-GigabitEthernet 2/0/1

[Sysname-Ten-GigabitEthernet2/0/1] port link-type trunk

[Sysname-Ten-GigabitEthernet2/0/1] port trunk permit vlan 102 103

2.

Configure the firewall card

# Create VLAN 102, VLAN 103 and VLAN 1000.

system-view

[Sysname] vlan 102 to 103

[Sysname] vlan 1000

[Sysname-vlan1000] quit

# Configure the link type of Ten-GigabitEthernet 0/0 as trunk and operating mode as Layer 2. Assign the
trunk port to VLAN 102, VLAN 103, and VLAN 1000.

[Sysname] interface Ten-GigabitEthernet 0/0

[Sysname-Ten-GigabitEthernet0/0] port link-mode bridge

[Sysname-Ten-GigabitEthernet0/0] port link-type trunk

[Sysname-Ten-GigabitEthernet0/0] port trunk permit vlan 102 103 1000

# Configure two subinterfaces Ten-GigabitEthernet 0/0.102 and Ten-GigabitEthernet 0/0.103.
Configure them as access ports and set the operating mode to Layer 2. Assign the two interfaces to VLAN

1000.

[Sysname-Ten-GigabitEthernet0/0] interface Ten-GigabitEthernet0/0.102

[Sysname-Ten-GigabitEthernet0/0.102] port link-mode bridge

[Sysname-Ten-GigabitEthernet0/0.102] port link-type access

[Sysname-Ten-GigabitEthernet0/0.102] port access vlan 1000

See also other documents in the category H3C Technologies Safety: