Manualshelf

HP VPN Firewall Appliances Network Management Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
281282283284285286287288289290
260
[Firewall] interface gigabitethernet 0/2
[Firewall-GigabitEthernet0/2] ip address 192.168.10.99 255.255.255.0
# Enable proxy ARP on interface GigabitEthernet 0/2.
[Firewall-GigabitEthernet0/2] proxy-arp enable
[Firewall-GigabitEthernet0/2] quit
# Configure the IP address of interface GigabitEthernet 0/1.
[Firewall] interface gigabitethernet 0/1
[Firewall-GigabitEthernet0/1] ip address 192.168.20.99 255.255.255.0
# Enable proxy ARP on interface GigabitEthernet 0/1.
[Firewall-GigabitEthernet0/1] proxy-arp enable
[Firewall-GigabitEthernet0/1] quit
After completing preceding configurations, use the ping command to verify the connectivity between
Host A and Host D.
Local proxy ARP configuration example in case of port isolation
Network requirements
As shown in Figure 174, Host A and Host B belong to the same VLAN, and connect to the switch through
GigabitEthernet 0/3 and GigabitEthernet 0/1 respectively. The switch connects to the firewall through
GigabitEthernet 0/2.
Configure port isolation on GigabitEthernet 0/3 and GigabitEthernet 0/1 of the switch to isolate Host A
from Host B at Layer 2. Enable local proxy ARP on the firewall to allow communication between Host A
and Host B at Layer 3.
In this configuration example, suppose all traffic between the hosts is blocked, so you need to configure
local proxy ARP on GigabitEthernet 0/2 of the firewall to enable communication between Host A and
Host B. If the two ports (GigabitEthernet 0/3 and GigabitEthernet 0/1) on the switch are isolated only at
Layer 2, you can enable communication between the two hosts by configuring local proxy ARP on
VLAN-interface 2 of the switch.
Figure 174 Network diagram