H3c-technologies H3C SecBlade NetStream Cards Uživatelský manuál Strana 118

  • Stažení
  • Přidat do mých příruček
  • Tisk
  • Strana
    / 349
  • Tabulka s obsahem
  • KNIHY
  • Hodnocené. / 5. Na základě hodnocení zákazníků
Zobrazit stránku 117
103
As shown in Figure 34, the SecBlade card collaborates with a host device to filter Layer 2 traffic arriving
at the host device before forwarding the traffic.
Figure 34 Inter-VLAN Layer 2 forwarding
Inter-VLAN Layer 2 forwarding operates as follows:
1. After receiving a packet, the host device adds the VLAN tag of the receiving interface to the packet
and if the packet is not destined to the VLAN the host device tagged, sends the packet to the
SecBlade card through the trunk port in between.
2. The SecBlade card replaces the VLAN tag of the packet with its own VLAN tag and then handles
the packet according to security settings.
3. The SecBlade card replaces its VLAN tag of the packet with that contained in the interface number
of the egress subinterface and sends it to the host device (the egress subinterface is found through
a MAC address table lookup).
4. The host device forwards the packet toward the destination.
Configuration procedure
Perform the following configurations to achieve Layer 2 forwarding between two VLANs.
1. Configure the host device.
Create two VLANs. Assign the two access ports to different VLANs.
Configure the host device’s ten-GigabitEthernet port that connects to the SecBlade card as a trunk
port and configure the trunk port to join these two VLANs.
2. Configure the SecBlade card.
Create VLAN X for the SecBlade card. Packets from the host device will be tagged with VLAN X.
Configure the operating mode of the ten-GigabitEthernet interface that connects to the host device
as Layer 2 mode, and configure the link type of the interface as trunk.
Create two subinterfaces for the ten-GigabitEthernet interface, and use the IDs of those two VLANs
created on the host device as their interface numbers respectively. Set the link type of the
subinterfaces as access and assign the two subinterfaces to VLAN X.
NOTE:
To achieve Layer 2 forwarding between VLANs, you can create these VLANs on the host device and
configure the same number of subinterfaces for the ten-GigabitEthernet interface on the SecBlade card.
Configure the ports of the host device
Follow these steps to configure the ports of the host device:
IP network IP network
Device
SecBlade
NSC
Zobrazit stránku 117
1 2 ... 113 114 115 116 117 118 119 120 121 122 123 ... 348 349

Komentáře k této Příručce

Žádné komentáře