R3166-R3206-HP High-End Firewalls Network Management Configuration Guide-6PW101
204
Configuring inter-VLAN Layer 3 forwarding
NOTE:
For the Layer 3 subinteface forwarding configuration commands, see Interface Confi
g
uration Commands
in Network Management Command Reference.
Configuring inter-VLAN Layer 3 forwarding
Perform the following configurations to achieve inter-VLAN Layer 3 forwarding.
1. Configure the ports of the switch
• Create two VLANs. Assign the ingress port to one VLAN and the egress port to the other.
• Configure the switch’s ten-GigabitEthernet port that connects to the firewall card as a trunk port and
configure the trunk port to join these two VLANs.
2. Configure the firewall card
• Create two VLANs, in which packets from the switch are forwarded.
• Configure the operating mode of the ten-GigabitEthernet interface that connects to the switch as
Layer 2 mode, and configure the link type as trunk. Assign the interface to the two VLANs created
on the switch.
• Create two VLAN interfaces with the same numbers as VLANs created on the switch for the
ten-GigabitEthernet interface.
• Assign IP addresses for the two VLAN interfaces.
• Add the firewall card's ten-GigabitEthernet interface and the VLAN interfaces to the security zones.
NOTE:
To achieve Layer 3 forwardin
g
between VLANs, you can create these VLANs on the swtich and confi
g
ure
the same number of VLAN interfaces for the ten-GigabitEthernet interface on the firewall card. Then add
the firwall card's ten-GigabitEthernet interface and the VLAN interfaces to security zones.
Configure the ports of the switch
Follow these steps to configure the ports of the switch:
To do… Use the command
Remarks
Enter system view system-view —
Create a VLAN and enter VLAN
view
vlan vlan-id Required
Assign the access port(s) to the
VLAN
port interface-list
Required
By default, all ports belong to
VLAN 1.
Create another VLAN and enter
VLAN view
vlan vlan-id Required
Assign the access port(s) to the
VLAN
port interface-list
Required
By default, all ports belong to
VLAN 1.