Configuration procedure, Configure the ports of the host device – H3C Technologies H3C SecBlade NetStream Cards User Manual

Page 118

103

As shown in

Figure 34

, the SecBlade card collaborates with a host device to filter Layer 2 traffic arriving

at the host device before forwarding the traffic.

Figure 34 Inter-VLAN Layer 2 forwarding

Inter-VLAN Layer 2 forwarding operates as follows:

After receiving a packet, the host device adds the VLAN tag of the receiving interface to the packet
and if the packet is not destined to the VLAN the host device tagged, sends the packet to the

SecBlade card through the trunk port in between.

The SecBlade card replaces the VLAN tag of the packet with its own VLAN tag and then handles

the packet according to security settings.

The SecBlade card replaces its VLAN tag of the packet with that contained in the interface number
of the egress subinterface and sends it to the host device (the egress subinterface is found through

a MAC address table lookup).

The host device forwards the packet toward the destination.

Configuration procedure

Perform the following configurations to achieve Layer 2 forwarding between two VLANs.

Configure the host device.

•

Create two VLANs. Assign the two access ports to different VLANs.

•

Configure the host device’s ten-GigabitEthernet port that connects to the SecBlade card as a trunk
port and configure the trunk port to join these two VLANs.

Configure the SecBlade card.

•

Create VLAN X for the SecBlade card. Packets from the host device will be tagged with VLAN X.

•

Configure the operating mode of the ten-GigabitEthernet interface that connects to the host device
as Layer 2 mode, and configure the link type of the interface as trunk.

•

Create two subinterfaces for the ten-GigabitEthernet interface, and use the IDs of those two VLANs
created on the host device as their interface numbers respectively. Set the link type of the

subinterfaces as access and assign the two subinterfaces to VLAN X.

NOTE:

To achieve Layer 2 forwarding between VLANs, you can create these VLANs on the host device and
configure the same number of subinterfaces for the ten-GigabitEthernet interface on the SecBlade card.

Configure the ports of the host device

Follow these steps to configure the ports of the host device:

IP network

Device

SecBlade

NSC

This manual is related to the following products:

H3C S10500 Series Switches H3C S7500E Series Switches H3C S6800 Series Switches H3C S6300 Series Switches H3C S5800 Series Switches H3C S5820X Series Switches H3C S5820V2 Series Switches H3C S5830 Series Switches H3C S5830V2 Series Switches H3C S3600V2 Series Switches H3C S3100V2 Series Switches