HP VPN Firewall Appliances Network Management Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

281

282

283

284

285

286

287

288

289

290

266

Task Command

Remarks

Display

interface/subinterface state

and related information.

display interface [ interface-type [interface-number |

interface-number.subnumber ] ]

Available in any view.

Clear

interface/subinterface

statistics.

reset counters interface [ interface-type

[ interface-number | interface-number.subnumber ] ]

Available in user view.

Configuring inter-VLAN Layer 3 forwarding

NOTE:

For the Layer 3 subinterface forwarding configuration commands, see

Network Mana

ement Comman

Reference

Configuring inter-VLAN Layer 3 forwarding

Perform the following configurations to achieve inter-VLAN Layer 3 forwarding:

1. Configure the ports of the switch:

{ Create two VLANs. Assign the ingress port to one VLAN and the egress port to the other.

{ Configure the switch's ten-GigabitEthernet port that connects to the firewall card as a trunk port

and configure the trunk port to join these two VLANs.

2. Configure the firewall card:

{ Create two VLANs, in which packets from the switch are forwarded.

{ Configure the operating mode of the ten-GigabitEthernet interface that connects to the switch as

Layer 2 mode, and configure the link type as trunk. Assign the interface to the two VLANs

created on the switch.

{ Create two VLAN interfaces with the same numbers as VLANs created on the switch for the

ten-GigabitEthernet interface.

{ Assign IP addresses for the two VLAN interfaces.

{ Add the firewall card's ten-GigabitEthernet interface and the VLAN interfaces to the security

zones.

NOTE:

To achieve Layer 3 forwarding between VLANs, you can create these VLANs on the switch and confi

ure

the same number of VLAN interfaces for the ten-GigabitEthernet interface on the firewall card. Then add

the firewall card's ten-GigabitEthernet interface and the VLAN interfaces to security zones.

Configure the ports of the switch

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Create a VLAN and enter VLAN view.

vlan vlan-id N/A

3. Assign access ports to the VLAN.

port interface-list By default, all ports belong to VLAN 1.