Manualshelf

F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Network Management Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
161162163164165166167168169170
143
476BConfiguration procedure
To achieve Layer 2 forwarding between VLANs, you can create these VLANs on the switch and configure
the same number of subinterfaces for the ten-GigabitEthernet interface on the firewall module.
Perform the following configurations to achieve Layer 2 forwarding between two VLANs:
1. Configure the switch:
{ Create two VLANs. Assign the two access ports to different VLANs.
{ Configure the switch's ten-GigabitEthernet port that connects to the firewall module as a trunk
port, and configure the trunk port to join these two VLANs.
2. Configure the firewall module:
{ Create VLAN X for the firewall module. Packets from the switch will be tagged with VLAN X.
{ Configure the operating mode of the ten-GigabitEthernet interface that connects to the switch
as Layer 2 mode, and configure the link type of the interface as trunk.
{ Create two subinterfaces for the ten-GigabitEthernet interface, and use the IDs of those two
VLANs created on the switch as their interface numbers. Set the link type of the subinterfaces
as access and assign the two subinterfaces to VLAN X.
1191BConfiguring the ports of the switch
Ste
p
Command
Remarks
299. Enter system view.
system-view N/A
300. Create a VLAN and enter
VLAN view.
vlan vlan-id N/A
301. Assign the access ports to the
VLAN.
port interface-list
By default, all ports belong to
VLAN 1.
302. Create another VLAN and
enter VLAN view.
vlan vlan-id N/A
303. Assign the access ports to the
VLAN.
port interface-list
By default, all ports belong to
VLAN 1.
304. Enter the view of the
ten-GigabitEthernet interface
that connects to the firewall
module.
interface ten-gigabitethernet
interface-number
N/A
305. Configure the link type of the
interface as trunk.
port link-type trunk N/A
306. Assign the trunk port to the
two VLANs.
port trunk permit vlan { vlan-id-list
| all }
N/A
307. Configure the default VLAN
on the trunk port.
port trunk pvid vlan vlan-id
The default VLAN cannot be one of
the previously configured two
VLANs.
1192BConfiguring the firewall module
Ste
p
Command
Remarks
308. Enter system view.
system-view N/A