Create management VLAN 10 and service VLAN 20.
[FW] vlan 10
[FW-vlan10]
[FW-vlan10] quit
[FW] vlan 20
[FW-vlan20] quit
Configure the IP address and mask length of VLAN-interface 10 as 192.168.10.1/24.
[FW] interface vlan-interface 10
[FW-Vlan-interface10] ip address 192.168.10.1 24
[FW-Vlan-interface10] quit
Configure the IP address and mask length of VLAN-interface 20 as 192.168.20.1/24.
[FW] interface Vlan-interface 20
[FW-Vlan-interface20] ip address 192.168.20.1 24
[FW-Vlan-interface20] quit
Configure Ethernet interface GigabitEthernet 1/0/2 as a Layer 2 trunk port. Configure the trunk port to allow VLAN 10 and VLAN 20 and not allow VLAN 1 to pass through.
[FW] interface GigabitEthernet 1/0/2
[FW-GigabitEthernet1/0/2] port link-mode bridge
[FW-GigabitEthernet1/0/2] port link-type trunk
[FW-GigabitEthernet1/0/2] port trunk permit vlan 10 20
[FW-GigabitEthernet1/0/2] undo port trunk permit vlan 1
[FW-GigabitEthernet1/0/2] quit
Add interface VLAN-interface 10, VLAN-interface 20, Layer 2 Ethernet interface GigabitEthernet 1/0/2 in VLAN 10, and Layer 2 Ethernet interface GigabitEthernet1/0/2 in VLAN 20 to the
[FW]
[FW-security-zone-LAN] import interface vlan-interface 10
[FW-security-zone-LAN] import interface vlan-interface 20
[FW-security-zone-LAN] import interface GigabitEthernet 1/0/2 vlan 10
[FW-security-zone-LAN] import interface GigabitEthernet 1/0/2 vlan 20
[FW-security-zone-LAN]