R3166-R3206-HP High-End Firewalls Network Management Configuration Guide-6PW101

[Switch] port-isolate group 2
[Switch] vlan 2
[Switch-vlan2] port ethernet 1/3
[Switch-vlan2] port ethernet 1/1
[Switch-vlan2] port ethernet 1/2
[Switch-vlan2] quit
[Switch] interface ethernet 1/3
[Switch-Ethernet1/3] port-isolate enable group 2
[Switch-Ethernet1/3] interface ethernet 1/1
[Switch-Ethernet1/1] port-isolate enable group 2
[Switch-Ethernet1/1] interface ethernet 1/2
[Switch-Ethernet1/2] port-isolate uplink-port group 2
2. Configure Firewall
# Specify the IP address of GigabitEthernet 0/0.
<Firewall> system-view
[Firewall] interface gigabitethernet 0/0
[Firewall-GigabitEthernet0/0] ip address 192.168.10.100 255.255.0.0
The ping operation from Host A to Host B is unsuccessful because they are isolated at Layer 2 and Layer 3.
# Configure local proxy ARP to allow communication between Host A and Host B at Layer 3.
[Firewall-GigabitEthernet0/0] local-proxy-arp enable
The ping operation from Host A to Host B is successful after the configuration.
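The following check is an added example, not part of the original guide: once local proxy ARP is enabled, Firewall answers Host A's ARP requests for Host B with its own MAC address, so Host A's neighbor table shows one MAC serving several IP addresses. The script separates that expected case from any other MAC doing the same. It assumes Host A runs Linux with iproute2; the MAC addresses and all host IP addresses other than 192.168.10.100 are constructed sample values.

```python
import re
from collections import defaultdict

# Constructed sample of `ip neigh show` output on Host A after local proxy ARP
# is enabled. 192.168.10.100 is Firewall (from the guide); 192.168.10.200 stands
# in for Host B. All MAC addresses and the other IPs are made up.
SAMPLE_NEIGH = """\
192.168.10.100 dev eth0 lladdr 00:e0:fc:00:00:01 REACHABLE
192.168.10.200 dev eth0 lladdr 00:e0:fc:00:00:01 REACHABLE
192.168.10.77 dev eth0 lladdr 00:0c:29:aa:bb:cc STALE
192.168.10.88 dev eth0 FAILED
"""

NEIGH_RE = re.compile(
    r"^(?P<ip>\d+\.\d+\.\d+\.\d+)\s+dev\s+\S+\s+lladdr\s+(?P<mac>[0-9a-fA-F:]{17})\s+\S+"
)

def parse_neigh(text):
    """Return {mac: set(ips)} for entries that carry a resolved MAC."""
    by_mac = defaultdict(set)
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # unresolved entries (FAILED/INCOMPLETE) have no lladdr; skip them
            by_mac[m.group("mac").lower()].add(m.group("ip"))
    return by_mac

def classify(text, proxy_ip):
    """Return (proxy_mac, ips_proxied_by_firewall, other_multi_ip_macs)."""
    by_mac = parse_neigh(text)
    proxy_mac = next((mac for mac, ips in by_mac.items() if proxy_ip in ips), None)
    proxied, unexplained = [], {}
    for mac, ips in by_mac.items():
        if len(ips) < 2:
            continue  # one MAC, one IP: ordinary direct resolution
        if mac == proxy_mac:
            proxied = sorted(ips - {proxy_ip})  # answered on behalf of isolated peers
        else:
            unexplained[mac] = sorted(ips)  # not the configured proxy: investigate
    return proxy_mac, proxied, unexplained

if __name__ == "__main__":
    mac, proxied, unexplained = classify(SAMPLE_NEIGH, "192.168.10.100")
    print("proxy MAC:", mac)
    print("reached through local proxy ARP:", proxied)
    print("other MACs answering for several IPs:", unexplained)
```

Run against the real output of ip neigh show before and after the local-proxy-arp enable command: Host B's address should appear under Firewall's MAC only after it.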
Local proxy ARP configuration example in an isolate-user-VLAN
Network requirements
As shown in Figure 110, Switch is attached to Firewall. VLAN 5 on Switch is an isolate-user-VLAN, which
includes uplink port Ethernet 1/2 and two secondary VLANs, VLAN 2 and VLAN 3. Ethernet 1/3
belongs to VLAN 2, and Ethernet 1/1 belongs to VLAN 3.
Configure local proxy ARP on Firewall to implement Layer 3 communication between VLAN 2 and VLAN 3.