Layer 2 setting of H3C firewall 01/18 Update SLTechnology News&Howtos

Layer 2 setting of H3C firewall

2025-01-18 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Shulou(Shulou.com)06/01 Report--

H3C firewall has two layer-2 configuration methods. The old version is called transparent mode, and the new version is called bridging mode. The configuration commands are different, but the effect is the same. Here are two configuration examples. Please refer to:

/ / the red one must be configured:

System

Firewall packet-filter enable

Firewall packet-filter default permit

Firewall zone trust

Add interface e1swap 0 / / add both internal and external network ports to the area. Please join the ports according to your actual situation. The example cannot prevail.

Add interface e2/0

Add interface e3/0

Quit

Bridge enable / / enable bridging mode

Bridge 1 enable / / set up a bridge group

Int bridge-template 1 / / set the management address. If there is no such address, you may not set it.

Ip address Management IP address

Quit

Int e1ap0 / / add the interface to the bridge group

Bridge-set 1

Quit

Int e2/0

Bridge-set 1

Quit

Int e3/0

Bridge-set 1

Quit

Firewall zone trust / / add the bridge template to the area

Add interface bridge-template 1

Quit

Ip route 0.0.0.0 0.0.0.0 management address next hop / / management IP route, if not, do not add

Save

Transparent mode:

System-view (enter system mode)

Firewall packet-filter enable (enable firewall function)

Firewall packet-filter default permit (configure firewall default rules)

Firewall mode transparent (configured in transparent mode)

Firewall system-ip 192.168.1.254 255.255.255.0 (this is the management IP address of the firewall)

Interface Ethernet2/0 (enter WAN port)

Promiscuous (configured for transparent transport)

Interface Ethernet1/0 (enter LAN port)

Promiscuous (configured for transparent transport)

Firewall zone trust (entry area)

Add interface e2ap0 (add WAN port to this area)

Add interface e1ap0 (add LAN port to this area)

If there is a DHCP server uplink of the firewall, it needs to be configured. System view: firewall unknown-mac flood (unknown MAC flooding)

Bridge 1 firewall unknown-mac flood

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.