
Lswm1ips10 card configuration, Configuration overview, From internal network to external network – H3C Technologies H3C SecBlade IPS Cards User Manual


Switch/Router and SecBlade IPS Card Network Configuration

NOTE:

For more information about the commands used in this chapter, see the Configuration Guides and
Command References shipped with the switch or router in which the SecBlade IPS card is installed.

LSWM1IPS10 Card Configuration

NOTE:

The LSWM1IPS10 card is only for S5800 and S5820X series switches and supports the OAA feature.

Configuration Overview

The switch and the SecBlade IPS card are connected through internal 10GE interfaces. The switch uses
VLAN interfaces to perform Layer 3 forwarding. Configure redirection on the internal and external
network interfaces of the switch to redirect incoming IP packets to be forwarded through the VLAN
interfaces to the internal 10GE interface connected to the SecBlade IPS card. The switch performs normal
Layer 3 forwarding on the packets and then sends them to the SecBlade IPS card through its internal
10GE interface. The detailed data forwarding process is as follows.

From internal network to external network

1. A packet from the internal network enters the switch.

2. The switch preprocesses the packet for Layer 3 forwarding, during which the switch inserts an
outgoing VLAN tag into the packet.

3. After the Layer 3 preprocessing, the switch redirects the packet to the SecBlade IPS card according
to the receiving port, the incoming VLAN and the outgoing port.

4. After reprocessing the packet, the SecBlade IPS card forwards the packet back to the switch.

5. The switch forwards the packet out its external network interface.

From external network to internal network

1. A packet from the external network enters the switch.

2. The switch preprocesses the packet for Layer 3 forwarding, during which the switch removes the
incoming VLAN tag from the packet.

3. After the Layer 3 preprocessing, the switch redirects the packet to the SecBlade IPS card according
to the receiving port, the incoming VLAN and the outgoing port.

4. After reprocessing the packet, the SecBlade IPS card forwards the packet back to the switch.

5. The switch forwards the packet out its internal network interface.
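
Because step 3 in both directions matches on the receiving port, the incoming VLAN and the outgoing port, it is worth checking that the redirect entries cover every combination expected to cross the internal/external boundary. The following Python sketch is an added example, not taken from the H3C manual: the `Redirect` model, port names and VLAN IDs are constructed for illustration, and it assumes (the page does not state this) that a packet matching no redirect entry is forwarded without reaching the card.

```python
from itertools import product
from typing import NamedTuple


class Redirect(NamedTuple):
    """One redirect entry, keyed on the three fields named in step 3 (hypothetical model)."""
    rx_port: str   # receiving port on the switch
    in_vlan: int   # incoming VLAN
    out_port: str  # outgoing port chosen by Layer 3 forwarding


def expected_paths(internal, external):
    """Every (rx_port, in_vlan, out_port) that crosses the boundary, in both directions.

    internal / external map a port name to the list of VLANs it carries.
    """
    paths = set()
    for src, dst in ((internal, external), (external, internal)):
        for (rx, vlans), out in product(src.items(), dst):
            paths.update(Redirect(rx, vlan, out) for vlan in vlans)
    return paths


def audit(rules, internal, external):
    """Return (missing, stale).

    missing: boundary-crossing paths with no redirect entry (assumed to skip the card)
    stale:   redirect entries that match no expected path
    """
    want = expected_paths(internal, external)
    have = set(rules)
    return sorted(want - have), sorted(have - want)


# Constructed sample inventory and redirect entries (not from the manual).
INTERNAL = {"GE1/0/1": [10, 20]}
EXTERNAL = {"GE1/0/24": [100]}
RULES = [
    Redirect("GE1/0/1", 10, "GE1/0/24"),   # internal -> external, VLAN 10
    Redirect("GE1/0/24", 100, "GE1/0/1"),  # external -> internal
    Redirect("GE1/0/2", 30, "GE1/0/24"),   # port not in the inventory
]

if __name__ == "__main__":
    missing, stale = audit(RULES, INTERNAL, EXTERNAL)
    for path in missing:
        print("no redirect (traffic would skip the IPS card):", path)
    for rule in stale:
        print("redirect matches no expected path:", rule)
```

With the sample data, VLAN 20 on the internal port is reported as uncovered, which is the kind of one-direction or one-VLAN gap to look for after configuring redirection.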