Verifying the configuration, Port-based vlan configuration example, Network requirements – H3C Technologies H3C SecPath F1000-E User Manual
Page 69: Configuration procedure
44
[SecPath] interface vlan-interface 10
[SecPath-Vlan-interface10] ip address 192.168.1.20 24
[SecPath-Vlan-interface10] return
2.
Configure the default gateway of PC A as 192.168.0.10.
3.
Configure the default gateway of PC B as 192.168.1.20.
Verifying the configuration
•
The PCs can ping each other.
•
Display brief information about Layer 3 interfaces on SecPath to verify the configuration.
<SecPath> display ip interface brief
*down: administratively down
(s): spoofing
Interface Physical Protocol IP Address Description
Vlan-interface5 up up 192.168.0.10 Vlan-inte...
Vlan-interface10 up up 192.168.1.20 Vlan-inte...
Port-based VLAN configuration example
In this configuration example, either Device A or Device B is the SecPath firewall.
Network requirements
As shown in
, Host A and Host C belong to Department A, and access the enterprise network
through different devices. Host B and Host D belong to Department B. They also access the enterprise
network through different devices.
To ensure communication security and avoid broadcast storms, VLANs are configured in the enterprise
network to isolate Layer 2 traffic of different departments. VLAN 100 is assigned to Department A, and
VLAN 200 is assigned to Department B.
Make sure that hosts within the same VLAN can communicate with each other. Host A can communicate
with Host C, and Host B can communicate with Host D.
Figure 30 Network diagram
Configuration procedure
1.
Configure Device A:
# Create VLAN 100, and assign port GigabitEthernet 0/1 to VLAN 100.
<DeviceA> system-view
[DeviceA] vlan 100
[DeviceA-vlan100] port gigabitethernet 0/1
[DeviceA-vlan100] quit