beautypg.com

Assigning contexts to security engines, Configuring security engine groups – H3C Technologies H3C SecPath F5020 User Manual

Page 73

background image

64

All contexts without the VLAN-unshared attribute share the same VLAN resources (VLAN 1 through

VLAN 4094). You create VLANs on the default context and use the allocate vlan command to
assign VLANs to the contexts. You cannot use the vlan command to create VLANs for the contexts.

A VLAN can be assigned only to one context.

To create a context:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Create a context and
enter context view.

context context-name [ id
context-id ] [ vlan-unshared ]

By default, there is a default context with the
name Admin and ID 1.

3.

Configure a description
for the context.

description text

By default, the default context uses the
description DefaultContext, and a non-default

context does not have a description.

Assigning contexts to security engines

The firewall is equipped with hardware security engines. To simplify management, the firewall manages
security engines by using security engine groups.
A context can run and provide services only after you assign it to a security engine group.

Configuring security engine groups

A security engine group can have multiple security engines. The system automatically elects one security

engine as the main security engine. Other security engines act as backup security engines. When the

main security engine cannot operate correctly, the system automatically elects another security engine as

the main security engine.
To configure a security engine group:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Create a security

engine group and
enter security engine

group view.

blade-controller-team
blade-controller-team-name [ id

blade-controller-team-id ]

By default, there is a default
security engine group with the

name Default and ID 1.

3.

Add a security engine

to the security engine
group.

Centralized IRF devices/distributed

devices in standalone mode:
location blade-controller slot slot-number

cpu cpu-number

Distributed devices in IRF mode:

location blade-controller chassis

chassis-number slot slot-number cpu

cpu-number

By default, a non-default security
engine group cannot use any
security engines. All security

engines belong to the default

security engine group.
A security engine can be added
only to one security engine

group.

This manual is related to the following products:
See also other documents in the category H3C Technologies Safety: