R3166-R3206-HP High-End Firewalls Network Management Configuration Guide-6PW101
202
• Create two subinterfaces for the firewall card's ten-GigabitEthernet port. Associate them with the
VLANs created on the switch and set the encapsulation type as dot1q.
• Assign IP addresses for the two subinterfaces.
• Add these two subinterfaces to security zones.
NOTE:
To achieve Layer 3 forwardin
g
between VLANs, you can create these VLANs on the swtich and confi
g
ure
the same number of subinterfaces for the ten-GigabitEthernet interface on the firewall card. Then add the
subinterfaces to security zones.
Configure the ports of the switch
Follow these steps to configure the ports of the switch:
To do… Use the command…
Remarks
Enter system view system-view —
Create a VLAN and enter VLAN
view
vlan vlan-id Required
Assign the access port(s) to the
VLAN
port interface-list
Required
By default, all ports belong to
VLAN 1.
Create another VLAN and enter
VLAN view
vlan vlan-id Required
Assign the access port(s) to the
VLAN
port interface-list
Required
By default, all ports belong to
VLAN 1.
Enter the view of the
ten-GigabitEthernet interface that
connects to the firewall card
interface Ten-GigabitEthernet
interface-number
Required
Configure the link type of the
interface as trunk
port link-type trunk
Required
Assign the trunk port to the two
VLANs
port trunk permit vlan { vlan-id-list |
all }
Required
Configure the default VLAN for the
trunk port
port trunk pvid vlan vlan-id
Optional
The default VLAN cannot be one of
the previously configured two
VLANs.
Configure the firewall card
Follow these steps to configure the firewall card:
To do… Use the command
Remarks
Enter system view system-view —
Enter the view of the
ten-GigabitEthernet interface that
connects to the switch
interface ten-gigabitEthernet
interface-number
Required