F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Network Management Configuration Guide-6PW100

270

[Firewall-zone-Trust] quit

# Add Ten-GigabitEthernet 0/0.2 to security zone Untrust.

[Firewall] zone name Untrust

[Firewall-zone-Untrust] import interface ten-gigabitethernet 0/0.2

140B

Inter-VLAN Layer 3 forwarding configuration

example

1306BNetwork requirements

As shown in the 2485HFigure 176, traffic between GigabitEthernet 3/0/1 and GigabitEthernet 3/0/2 is

filtered by a firewall module, and inter-VLAN Layer 3 forwarding needs to be configured.

• Configure the operating mode of GigabitEthernet 3/0/1 and GigabitEthernet 3/0/2 of the switch

as access. Assign them to VLAN 102 and VLAN 103 respectively.

• Ten-GigabitEthernet 2/0/1 of the switch connects to Ten-GigabitEthernet 0/0 of the firewall

module. Configure the link type of the two interfaces as trunk.

• Configure the operating mode of Ten-GigabitEthernet 0/0 as Layer 2. Create two VLAN interfaces

VLAN-interface 102 and VLAN-interface 103.

• Assign IP address 102.0.0.3/24 to VLAN-interface 102 and 103.0.0.3/24 to VLAN-interface 103.

• Add the firewall module's Ten-GigabitEthernet interface and the VLAN interfaces to security zones

Trust and Untrust.

Figure 176 Network diagram for inter-VLAN Layer 3 forwarding

1307BConfiguration procedure

1. Configure the ports on the switch.

# Create VLAN 102 and VLAN 103. Assign GigabitEthernet 3/0/1 to VLAN 102 and GigabitEthernet

3/0/2 to VLAN 103.

<Switch> system-view

[Switch] vlan 102

[Switch-vlan102] port gigabitethernet 3/0/1

[Switch-vlan102] vlan 103

[Switch-vlan103] port gigabitethernet 3/0/2

[Switch-vlan103] quit

IP network IP network

GE3/0/1

GE3/0/2

XGE0/0

XGE2/0/1