R3166-R3206-HP High-End Firewalls Network Management Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

To do… Use the command…

Remarks

Enter

interface

view

Enter

Ethernet

interface

view

interface interface-type

interface-number

Required

Use either command.

• The configuration made in Ethernet

interface view applies only to the

port.

• The configuration made in Layer 2

aggregate interface view applies to

the aggregate interface and its

aggregation member ports. If the

system fails to apply the

configuration to the aggregate

interface, it stops applying the

configuration to aggregation

member ports. If the system fails to

apply the configuration to an

aggregation member port, it skips

the port and moves to the next

member port.

Enter Layer

aggregate

interface

view

interface bridge-aggregation

interface-number

Configure the link type of

the ports as hybrid

port link-type hybrid

Required

By default, all ports are access ports.

Assign the hybrid ports to

the specified VLANs

port hybrid vlan vlan-id-list { tagged |

untagged }

Required

By default, a hybrid port allows only

packets of VLAN 1 to pass through

untagged.

Configure the PVID of the

hybrid ports

port hybrid pvid vlan vlan-id

Optional

By default, the PVID is VLAN 1.

NOTE:

• To chan

e the link type of a port from trunk to hybrid or vice versa, you must set the link type to access

first.

• Before assigning a hybrid port to a VLAN, create the VLAN first.

• After configuring the PVID for a hybrid port, you must use the port hybrid vlan command to confi

ure

the hybrid port to allow packets from the PVID to pass through, so that the egress port can forward

packets from the PVID.

Port-based VLAN configuration example

1. Network requirements

As shown in Figure 19:

• Ho

st A and Host C belong to Department A, and access the enterprise network through different

devices. Host B and Host D belong to Department B. They also access the enterprise network

through different devices.

• To ensure communication security and avoid broadcast storms, VLANs are configured in the

enterprise network to isolate Layer 2 traffic of different departments. VLAN 100 is assigned to

Department A, and VLAN 200 is assigned to Department B.

• Make sure that hosts within the same VLAN can communicate with each other. Host A can

communicate with Host C, and Host B can communicate with Host D.