HP VPN Firewall Appliances Network Management Configuration Guide
264
• Add these two subinterfaces to security zones.
NOTE:
To achieve Layer 3 forwarding between VLANs, you can create these VLANs on the switch and confi
g
ure
the same number of subinterfaces for the ten-GigabitEthernet interface on the firewall card. Then add the
subinterfaces to security zones.
Configure the ports of the switch
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Create a VLAN and enter
VLAN view.
vlan vlan-id N/A
3. Assign access ports to the
VLAN.
port interface-list By default, all ports belong to VLAN 1.
4. Create another VLAN and
enter VLAN view.
vlan vlan-id N/A
5. Assign access ports to the
VLAN.
port interface-list By default, all ports belong to VLAN 1.
6. Enter the view of the
ten-GigabitEthernet interface
that connects to the firewall
card.
interface
Ten-GigabitEthernet
interface-number
N/A
7. Configure the link type of the
interface as trunk.
port link-type trunk N/A
8. Assign the trunk port to the
two VLANs.
port trunk permit vlan
{ vlan-id-list | all }
N/A
9. Configure the default VLAN
for the trunk port.
port trunk pvid vlan vlan-id
Optional.
The default VLAN cannot be one of the
previously configured two VLANs.
Configure the firewall card
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter the view of the
ten-GigabitEthernet interface
that connects to the switch.
interface ten-gigabitEthernet
interface-number
N/A
3. Configure the operating
mode of the interface as Layer
3.
port link-mode route
Optional.
The default operating mode is
Layer 3.
4. Create a subinterface of the
ten-GigabitEthernet interface
and enter subinterface view.
interface ten-gigabitEthernet
interface-number.subnumber
N/A
5. Set the encapsulation type
and associate the
subinterface with a VLAN.
vlan-type dot1q vid vid
The subinterface receives packets
with the vid.