R3166-R3206-HP High-End Firewalls Network Management Configuration Guide-6PW101
97
• Add the two subinterfaces of the ten-GigabitEthernet interface to different security zones.
NOTE:
To achieve Layer 2 forwarding between VLANs, you can create these VLANs on the switch and confi
g
ure
the same number of subinterfaces for the ten-GigabitEthernet interface on the firewall card. Then add the
subinterfaces to security zones.
Configuring the ports of the switch
Follow these steps to configure the ports of the switch:
To do… Use the command…
Remarks
Enter system view system-view —
Create a VLAN and enter VLAN
view
vlan vlan-id Required
Assign the access port(s) to the
VLAN
port interface-list
Required
By default, all ports belong to
VLAN 1.
Create another VLAN and enter
VLAN view
vlan vlan-id Required
Assign the access port(s) to the
VLAN
port interface-list
Required
By default, all ports belong to
VLAN 1.
Enter the view of the
ten-GigabitEthernet interface that
connects to the firewall card
interface ten-gigabitethernet
interface-number
Required
Configure the link type of the
interface as trunk
port link-type trunk Required
Assign the trunk port to the two
VLANs
port trunk permit vlan { vlan-id-list |
all }
Required
Configure the default VLAN on the
trunk port
port trunk pvid vlan vlan-id
Optional
The default VLAN cannot be one of
the previously configured two
VLANs.
Configuring the firewall card
Follow these steps to configure the firewall card:
To do… Use the command…
Remarks
Enter system view system-view —
Create VLANs for the firewall card
and enter VLAN view
vlan vlan-id Required
Exit to system view quit —
Enter the view of the
ten-GigabitEthernet interface that
connects to the switch
interface ten-gigabitethernet
interface-number
Required