Network requirements, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual

Layer 3 subinterface forwarding configuration example

Network requirements

As shown in Figure 169, traffic between GigabitEthernet 3/0/1 and GigabitEthernet 3/0/2 is filtered by a firewall card, and Layer 3 subinterface forwarding needs to be configured.

Configure the operating mode of GigabitEthernet 3/0/1 and GigabitEthernet 3/0/2 of the switch as access. Assign them to VLAN 102 and VLAN 103 respectively.

Ten-GigabitEthernet 2/0/1 of the switch connects to ten-GigabitEthernet 0/0 of the firewall card. Configure ten-GigabitEthernet 2/0/1 as a trunk port.

Configure the operating mode of the firewall card's ten-GigabitEthernet interface as Layer 3. Configure two subinterfaces, ten-GigabitEthernet 0/0.1 and ten-GigabitEthernet 0/0.2, and set their encapsulation type to dot1q. Associate ten-GigabitEthernet 0/0.1 with VLAN 102 and ten-GigabitEthernet 0/0.2 with VLAN 103.

Assign IP address 102.0.0.3/24 to ten-GigabitEthernet 0/0.1 and 103.0.0.3/24 to ten-GigabitEthernet 0/0.2.

Add one subinterface to the security zone Trust and the other subinterface to Untrust.

Figure 169 Network diagram for Layer 3 subinterface forwarding

Configuration procedure

1. Configure the ports on the switch.

# Create VLAN 102 and VLAN 103. Assign GigabitEthernet 3/0/1 to VLAN 102 and GigabitEthernet 3/0/2 to VLAN 103.

<Sysname> system-view

[Sysname] vlan 102

[Sysname-vlan102] port GigabitEthernet 3/0/1

[Sysname-vlan102] vlan 103

[Sysname-vlan103] port GigabitEthernet 3/0/2

[Sysname-vlan103] quit

# Configure the link type of ten-GigabitEthernet 2/0/1 as trunk and assign the trunk port to VLAN 102 and VLAN 103.

[Sysname] interface Ten-GigabitEthernet 2/0/1

[Sysname-Ten-GigabitEthernet2/0/1] port link-type trunk

[Sysname-Ten-GigabitEthernet2/0/1] port trunk permit vlan 102 103
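An added example, not part of the H3C manual: a Python check that parses the switch commands above and confirms that the two access ports sit in different VLANs and that the trunk to the firewall card permits exactly VLAN 102 and VLAN 103. The function names and the `expected` argument are this example's own; it reads only the commands in the transcript and does not model port defaults.

```python
import re

# Switch commands from the procedure above, prompts included. Helper names are this example's own.
SWITCH_TRANSCRIPT = """\
<Sysname> system-view
[Sysname] vlan 102
[Sysname-vlan102] port GigabitEthernet 3/0/1
[Sysname-vlan102] vlan 103
[Sysname-vlan103] port GigabitEthernet 3/0/2
[Sysname-vlan103] quit
[Sysname] interface Ten-GigabitEthernet 2/0/1
[Sysname-Ten-GigabitEthernet2/0/1] port link-type trunk
[Sysname-Ten-GigabitEthernet2/0/1] port trunk permit vlan 102 103
"""

def expand(spec):
    """Expand a VLAN list such as '102 103' or '100 to 105' into a set of IDs."""
    ids = set()
    for tok in re.sub(r"(\d+) to (\d+)", r"\1-\2", spec).split():
        lo, _, hi = tok.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def parse_switch(transcript):
    """Return ({access port: vlan}, {trunk port: permitted VLAN set or 'all'})."""
    access, trunks, vlan, iface = {}, {}, None, None
    for line in transcript.splitlines():
        cmd = re.sub(r"^[<\[][^>\]]*[>\]]\s*", "", line.strip())  # drop the prompt
        if m := re.fullmatch(r"vlan (\d+)", cmd):
            vlan, iface = int(m.group(1)), None        # entered VLAN view
        elif m := re.fullmatch(r"interface (.+)", cmd):
            iface, vlan = m.group(1), None             # entered interface view
        elif cmd == "quit":
            vlan = iface = None
        elif vlan is not None and (m := re.fullmatch(r"port (\S+ \S+)", cmd)):
            access[m.group(1)] = vlan                  # port assigned in VLAN view
        elif iface and (m := re.fullmatch(r"port trunk permit vlan (.+)", cmd)):
            trunks[iface] = "all" if m.group(1) == "all" else expand(m.group(1))
    return access, trunks

def audit(transcript, trunk, expected):
    """List deviations from the design: separate access VLANs, trunk limited to them."""
    access, trunks = parse_switch(transcript)
    findings = []
    if len(set(access.values())) != len(access):
        findings.append("access ports share a VLAN: Layer 2 path bypasses the firewall card")
    if trunks.get(trunk) != expected:
        findings.append(f"{trunk} permits {trunks.get(trunk)}, expected {sorted(expected)}")
    return findings
```

Calling `audit(SWITCH_TRANSCRIPT, "Ten-GigabitEthernet 2/0/1", {102, 103})` returns an empty list for the configuration on this page; a trunk set to `permit vlan all` or two access ports placed in the same VLAN each produce one finding.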
