Configuration procedure, Configuration guidelines – H3C Technologies H3C SecPath F1000-E User Manual

The LAN port of SecPath is connected to the hosts, and the uplink port GigabitEthernet 0/1 is connected to the Internet.

Subinterface 1 of GigabitEthernet 0/1 obtains its IP address through DHCP.

Configure SecPath to forward SNMP packets and SNMP traps through subinterface 1 of GigabitEthernet 0/1.

Figure 317 Network diagram

Configuration procedure

# Configure subinterface 1 of GigabitEthernet 0/1 (GigabitEthernet 0/1.1) to obtain its IP address through DHCP.

<SecPath> system-view

[SecPath] interface GigabitEthernet 0/1.1

[SecPath-GigabitEthernet0/1.1] ip address dhcp-alloc

[SecPath-GigabitEthernet0/1.1] vlan-type dot1q vid 1

[SecPath-GigabitEthernet0/1.1] quit

# Define ACL 3000 to match management packets (SNMP packets and SNMP traps).

[SecPath] acl number 3000

[SecPath-acl-adv-3000] rule 0 permit udp source-port eq snmp

[SecPath-acl-adv-3000] rule 5 permit udp destination-port eq snmptrap

[SecPath-acl-adv-3000] quit

# Define node 1 of policy management, so that management packets are forwarded through GigabitEthernet 0/1.1. (Because GigabitEthernet 0/1.1 obtains its IP address through DHCP, the next hop address is unknown, so you need to specify the gateway address learned through DHCP as the next hop address.)

[SecPath] policy-based-route management permit node 1

[SecPath-pbr-management-1] if-match acl 3000

[SecPath-pbr-management-1] apply output-interface GigabitEthernet 0/1.1 ip-address next-hop dhcpc

[SecPath-pbr-management-1] quit

# Apply policy management to SecPath.

[SecPath] ip local policy-based-route management
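
The following Python model is an added illustration, not part of the H3C manual: it parses the two ACL 3000 rules shown above and reports which locally originated packets node 1 sends out GigabitEthernet 0/1.1. The sample packets, the gateway address 192.0.2.1, rule-ID match order, and the fall-back to the routing table when no DHCP gateway is known are assumptions.

```python
import re

# Port keywords used by the ACL rules on this page.
PORT_NAMES = {"snmp": 161, "snmptrap": 162}

# The two rules of ACL 3000, copied from the procedure above.
ACL_3000 = """
rule 0 permit udp source-port eq snmp
rule 5 permit udp destination-port eq snmptrap
"""

RULE_RE = re.compile(
    r"rule (\d+) (permit|deny) (\w+) (source-port|destination-port) eq (\w+)")

def parse_acl(text):
    """Return rules as (id, action, proto, field, port) tuples."""
    rules = []
    for m in RULE_RE.finditer(text):
        rid, action, proto, field, port = m.groups()
        port_no = PORT_NAMES[port] if port in PORT_NAMES else int(port)
        key = "sport" if field == "source-port" else "dport"
        rules.append((int(rid), action, proto, key, port_no))
    return sorted(rules)  # assumption: rules are matched in rule-ID order

def acl_action(rules, pkt):
    """First matching rule decides; None means no rule matched."""
    for _rid, action, proto, key, port in rules:
        if pkt["proto"] == proto and pkt[key] == port:
            return action
    return None

def local_pbr(rules, pkt, dhcp_gateway):
    """Model of node 1: return (egress, next hop) for a local packet."""
    # Assumption: without a DHCP-learned gateway the packet is routed normally.
    if acl_action(rules, pkt) == "permit" and dhcp_gateway is not None:
        return ("GigabitEthernet0/1.1", dhcp_gateway)
    return ("routing-table", None)

# Constructed sample packets originated by the device itself.
SAMPLES = {
    "snmp-response": {"proto": "udp", "sport": 161, "dport": 40000},
    "snmp-trap": {"proto": "udp", "sport": 50000, "dport": 162},
    "syslog": {"proto": "udp", "sport": 50001, "dport": 514},
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, local_pbr(parse_acl(ACL_3000), pkt, "192.0.2.1"))
```

Because both rules match on port alone, the model treats any local UDP packet with source port 161 or destination port 162 as management traffic, whatever its peer address.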

Configuration guidelines

When you configure a policy, follow these guidelines: