Manualshelf

R3166-R3206-HP High-End Firewalls Network Management Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
201202203204205206207208209210
197
[Firewall-GigabitEthernet0/1] quit
# Specify the IP address of interface GigabitEthernet 0/0.
[Firewall] interface gigabitethernet 0/0
[Firewall-GigabitEthernet0/0] ip address 192.168.20.99 255.255.255.0
# Enable proxy ARP on interface GigabitEthernet 0/0.
[Firewall-GigabitEthernet0/0] proxy-arp enable
[Firewall-GigabitEthernet0/0] quit
After completing preceding configurations, use the ping command to verify the connectivity between
Host A and Host D.
Local proxy ARP configuration example in case of port isolation
Network requirements
As shown in Figure 109, Host A and Host B belong to the same VLAN, and connect to Switch via Ethernet
1/3 and Ethernet 1/1 respectively. Switch connects to Firewall via Ethernet 1/2.
Configure port isolation on Ethernet 1/3 and Ethernet 1/1 of Switch. Enable proxy ARP on Firewall to
allow communication between Host A and Host B at Layer 3.
Figure 109 Network diagram for local proxy ARP between isolated ports
NOTE:
The switch in this diagram is a distributed device.
In this configuration example, all traffic between the hosts is blocked, and therefore you need to
configure local proxy ARP on GigabitEthernet 0/0 of Firewall to enable communication between Host
A
and Host B. If the two ports (Ethernet 1/3 and Ethernet 1/1) on the switch are isolated only at Layer 2,
you can enable communication between the two hosts by configuring local proxy ARP on
VLAN-interface 2 of the switch.
Configuration procedure
1. Configure Switch
# Add Ethernet 1/3, Ethernet 1/1 and Ethernet 1/2 to VLAN 2. Configure port isolation on Host A and
Host B.
<Switch> system-view