R3166-R3206-HP High-End Firewalls Network Management Configuration Guide-6PW101
• Configure subinterfaces for the Ethernet port of the firewall card and use the IDs of the two VLANs
created on the switch as their interface numbers respectively.
Inter-VLAN Layer 2 forwarding operates as follows:
1. After receiving a packet, the switch adds the VLAN tag of the receiving interface to the packet and,
if the packet is not destined for the VLAN that the switch tagged it with, sends the packet to the
firewall card through the trunk port between them.
2. The firewall card replaces the VLAN tag of the packet with its own VLAN tag and then handles the
packet according to security settings.
3. The firewall card replaces its own VLAN tag on the packet with the VLAN ID contained in the
interface number of the egress subinterface and sends the packet to the switch (the egress
subinterface is found through a MAC address table lookup).
4. The switch forwards the packet toward the destination.
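The four steps above, modelled as an added Python example (it is not code from this guide or from the firewall software). The internal tag value 4000, the permit callback standing in for the security settings, the sample VLAN IDs and MAC addresses, and returning None for an unknown destination are all assumptions made for the illustration.

```python
# Added illustration, not vendor code. VLAN IDs, MAC addresses and the
# internal tag value are constructed for this example.
INTERNAL_VLAN = 4000  # assumption: stands in for the firewall card's own VLAN tag


def switch_ingress(port_vlan, dst_vlan, frame):
    """Step 1: tag the frame with the receiving interface's VLAN and report
    whether it must go to the firewall card over the trunk port."""
    tagged = dict(frame, vlan=port_vlan)
    return tagged, dst_vlan != port_vlan


class FirewallCard:
    def __init__(self, subinterfaces, permit):
        self.subinterfaces = set(subinterfaces)  # subinterface number == VLAN ID
        self.mac_table = {}                      # MAC address -> subinterface number
        self.permit = permit                     # hypothetical stand-in for security settings

    def handle(self, frame):
        """Steps 2 and 3: returns the frame sent back to the switch, or None."""
        ingress = frame["vlan"]
        if ingress not in self.subinterfaces:
            return None                          # no subinterface carries this VLAN
        self.mac_table[frame["src"]] = ingress   # learn the source MAC
        inner = dict(frame, vlan=INTERNAL_VLAN)  # step 2: swap in the card's own tag
        if not self.permit(ingress, inner):
            return None                          # dropped by the security settings
        egress = self.mac_table.get(inner["dst"])
        if egress is None:
            return None                          # unknown destination: not modelled here
        return dict(inner, vlan=egress)          # step 3: tag of the egress subinterface


def demo():
    host_a, host_b = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"  # constructed MACs
    card = FirewallCard({102, 103}, permit=lambda vlan, f: f["payload"] != "blocked")
    results = []
    for src, dst, port_vlan, dst_vlan, payload in [
        (host_b, host_a, 103, 102, "hello"),    # A not learned yet
        (host_a, host_b, 102, 103, "reply"),    # B was learned on subinterface 103
        (host_a, host_b, 102, 103, "blocked"),  # denied by the policy
    ]:
        frame = {"src": src, "dst": dst, "payload": payload}
        tagged, via_card = switch_ingress(port_vlan, dst_vlan, frame)
        out = card.handle(tagged) if via_card else tagged
        results.append(out["vlan"] if out else None)  # step 4 uses this tag
    return results


if __name__ == "__main__":
    print(demo())
```

Each entry returned by demo() is the VLAN tag on the frame handed back to the switch for step 4, or None when the card does not return the frame.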
Configuring general Layer 2 forwarding
Configuring general Layer 2 forwarding
General Layer 2 forwarding is enabled by default.
Displaying and maintaining general Layer 2 forwarding
| To do… | Use the command… | Remarks |
|---|---|---|
| Display general and inline Layer 2 forwarding statistics | display bridge forwarding statistics [ interface interface-type interface-number ] | Available in any view |
| Clear all general and inline Layer 2 forwarding statistics | reset bridge forwarding statistics | Available in user view |
Configuring inline Layer 2 forwarding
Configuring inline Layer 2 forwarding in the web interface
Configure inline Layer 2 forwarding
• Forward type: A complete configuration contains an ID, which uniquely identifies an inline Layer 2
forwarding entry, and two interfaces. A packet coming from one interface goes out of the other.
• Reflect type: A complete configuration contains an ID, which uniquely identifies an inline Layer 2
forwarding entry, and one interface. A packet received on the interface goes out through this
interface.
• Blackhole type: A complete configuration contains an ID, which uniquely identifies an inline Layer
2 forwarding entry, and one interface. A packet received on the interface is discarded.
Select Network > Forwarding from the navigation tree to enter the inline forwarding page shown
in Figure 42. Click Add to enter the inline forwarding policy configuration page shown in Figure 43.