F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Network Management Configuration Guide-6PW100

269

Figure 175 Network diagram for Layer 3 subinterface forwarding

1305BConfiguration procedure

1. Configure the ports on the switch.

# Create VLAN 102 and VLAN 103. Assign GigabitEthernet 3/0/1 to VLAN 102 and GigabitEthernet

3/0/2 to VLAN 103.

<Switch> system-view

[Switch] vlan 102

[Switch-vlan102] port gigabitethernet 3/0/1

[Switch-vlan102] vlan 103

[Switch-vlan103] port gigabitethernet 3/0/2

[Switch-vlan103] quit

# Configure the link type of Ten-GigabitEthernet 2/0/1 as trunk and assign the trunk port to VLAN 102

and VLAN 103.

[Switch] interface ten-gigabitethernet 2/0/1

[Switch-Ten-GigabitEthernet2/0/1] port link-type trunk

[Switch-Ten-GigabitEthernet2/0/1] port trunk permit vlan 102 103

[Switch-Ten-GigabitEthernet2/0/1] quit

2. Configure the firewall module.

# Configure the operating mode of Ten-GigabitEthernet 0/0 as Layer 3.

<Firewall> system-view

[Firewall] interface ten-gigabitethernet 0/0

[Firewall-Ten-GigabitEthernet0/0] port link-mode route

# Configure two subinterfaces for Ten-GigabitEthernet 0/0. Set their encapsulation type to dot1q and

associate them to with VLANs created on the switch. Assign IP addresses for the subinterfaces.

[Firewall-Ten-GigabitEthernet0/0] interface ten-gigabitethernet0/0.1

[Firewall-Ten-GigabitEthernet0/0.1] vlan-type dot1q vid 102

[Firewall-Ten-GigabitEthernet0/0.1] ip address 102.0.0.3 24

[Firewall-Ten-GigabitEthernet0/0.1] interface ten-gigabitethernet0/0.2

[Firewall-Ten-GigabitEthernet0/0.2] vlan-type dot1q vid 103

[Firewall-Ten-GigabitEthernet0/0.2] ip address 103.0.0.3 24

[Firewall-Ten-GigabitEthernet0/0.2] quit

# Add Ten-GigabitEthernet 0/0.1 to security zone Trust.

[Firewall] zone name Trust

[Firewall-zone-Trust] import interface ten-gigabitethernet 0/0.1