HP VPN Firewall Appliances Network Management Configuration Guide
142
Configuration procedure
To achieve Layer 2 forwarding between VLANs, you can create these VLANs on the switch and configure
the same number of subinterfaces for the ten-GigabitEthernet interface on the firewall card.
Perform the following configurations to achieve Layer 2 forwarding between two VLANs:
1. Configure the switch:
{ Create two VLANs. Assign the two access ports to different VLANs.
{ Configure the switch's ten-GigabitEthernet port that connects to the firewall card as a trunk port,
and configure the trunk port to join these two VLANs.
2. Configure the firewall card:
{ Create VLAN X for the firewall card. Packets from the switch will be tagged with VLAN X.
{ Configure the operating mode of the ten-GigabitEthernet interface that connects to the switch as
Layer 2 mode, and configure the link type of the interface as trunk.
{ Create two subinterfaces for the ten-GigabitEthernet interface, and use the IDs of those two
VLANs created on the switch as their interface numbers. Set the link type of the subinterfaces as
access and assign the two subinterfaces to VLAN X.
Configuring the ports of the switch
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Create a VLAN and enter
VLAN view.
vlan vlan-id N/A
3. Assign the access ports to the
VLAN.
port interface-list
By default, all ports belong to
VLAN 1.
4. Create another VLAN and
enter VLAN view.
vlan vlan-id N/A
5. Assign the access ports to the
VLAN.
port interface-list
By default, all ports belong to
VLAN 1.
6. Enter the view of the
ten-GigabitEthernet interface
that connects to the firewall
card.
interface ten-gigabitethernet
interface-number
N/A
7. Configure the link type of the
interface as trunk.
port link-type trunk N/A
8. Assign the trunk port to the
two VLANs.
port trunk permit vlan { vlan-id-list
| all }
N/A
9. Configure the default VLAN
on the trunk port.
port trunk pvid vlan vlan-id
The default VLAN cannot be one of
the previously configured two
VLANs.
Configuring the firewall card
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A