Table of Contents
Advertisement
S9700 Core Routing Switch
Configuration Guide - SPU
l
2.15.4 Example for Configuring the Transparent Firewall
This example shows the application of the transparent firewall on a network. The SPU forwards
packets to the destination VLAN through Layer 2 according to the configuration of the VLAN
bridge instance.
Networking Requirements
As shown in
SwitchB are added to different VLANs. The SPU functions as the transparent firewall to provide
the inter-vlan-bridge function between the two VLANs. The SPU controls and forwards traffic
between SwitchA and SwitchB and allows host (MAC address 000f-1f7e-fec5) in the untrust
zone to access resources in the trust zone.
The SPU is installed in slot 5 of the S9700.
Figure 2-5 Networking of transparent firewall configuration
Issue 01 (2012-03-15)
zone untrust
return
Configuration file of the S9700
#
vlan batch 101 to 102
#
interface GigabitEthernet2/0/1
port link-type trunk
port trunk allow-pass vlan 101
#
interface GigabitEthernet2/0/2
port link-type trunk
port trunk allow-pass vlan 102
#
interface Eth-Trunk 1
port link-type trunk
port trunk allow-pass vlan 101 to 102
#
interface XGigabitEthernet5/0/0
eth-trunk 1
interface XGigabitEthernet5/0/1
eth-trunk 1
#
return
Figure
2-5, OSPF is run between the SwitchA and SwitchB. SwitchA and
trust zone
Switch A
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
VLAN 101
XGE5/0/0
Eth-Trunk1.1
Eth-Trunk1.2
XGE5/0/1
VLAN 102
GE2/0/1
GE2/0/2
Switch
2 Firewall Configuration
000f-1f7e-fec5
untrust
zone
Switch B
79
Advertisement
Table of Contents
