F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Network Management Configuration Guide-6PW100
265
583BDisplaying and maintaining Layer 3 subinterface forwarding
Task Command
Remarks
Display brief interface
information.
display brief interface [ interface-type
[ interface-number | interface-number.subnumber ] ]
[ | { begin | include | exclude } text ]
Available in any view.
Display
interface/subinterface state
and related information.
display interface [ interface-type [interface-number |
interface-number.subnumber ] ]
Available in any view.
Clear
interface/subinterface
statistics.
reset counters interface [ interface-type
[ interface-number | interface-number.subnumber ] ]
Available in user view.
138B
Configuring inter-VLAN Layer 3 forwarding
NOTE:
For the Layer 3 subinteface forwarding configuration commands, see
Network Mana
g
ement Comman
d
Reference
.
584BConfiguring inter-VLAN Layer 3 forwarding
Perform the following configurations to achieve inter-VLAN Layer 3 forwarding.
1. Configure the ports of the switch.
• Create two VLANs. Assign the ingress port to one VLAN and the egress port to the other.
• Configure the switch’s Ten-GigabitEthernet port that connects to the firewall module as a trunk port
and configure the trunk port to join these two VLANs.
2. Configure the firewall module.
• Create two VLANs, in which packets from the switch are forwarded.
• Configure the operating mode of the Ten-GigabitEthernet interface that connects to the switch as
Layer 2 mode, and configure the link type as trunk. Assign the interface to the two VLANs created
on the switch.
• Create two VLAN interfaces with the same numbers as VLANs created on the switch for the
Ten-GigabitEthernet interface.
• Assign IP addresses for the two VLAN interfaces.
• Add the firewall module's Ten-GigabitEthernet interface and the VLAN interfaces to the security
zones.
NOTE:
To achieve Layer 3 forwardin
g
between VLANs, you can create these VLANs on the swtich and confi
g
ure
the same number of VLAN interfaces for the Ten-GigabitEthernet interface on the firewall module. Then
add the firwall module's Ten-GigabitEthernet interface and the VLAN interfaces to security zones.