Configuration example, Network requirements, Configuration procedure – H3C Technologies H3C SecBlade IPS Cards User Manual
Page 21
14
Configuration Example
Network requirements
As shown in
, the switch has a SecBlade IPS card installed on slot 3. The switch uses
GigabitEthernet 1/0/15 to connect to the internal network, uses GigabitEthernet 1/0/16 to connect to
the external network, and uses its internal interface Ten-GigabitEthernet 1/3/1 to connect to the
SecBlade card’s internal interface Ten-GigabitEthernet 0/0. Traffic received on the switch’s interfaces
GigabitEthernet 1/0/15 and GigabitEthernet 1/0/16 must be sent to the SecBlade IPS card for
inspection.
Figure 5 S5800&S5820X switch and the LSWM1IPS card
Configuration procedure
1.
Configure the switch
# Configure the H3C new MIB style. That is, the sysOID and private MIB are both under H3C enterprise
ID 25506. You need to reboot the switch to validate the configuration (You can reboot the switch after
completing all configurations).
[Sysname] mib-style new
# Configure SNMPv3 parameters.
[Sysname] snmp-agent
[Sysname] snmp-agent sys-info version all
[Sysname] snmp-agent group v3 v3group_no read-view iso write-view iso
[Sysname] snmp-agent mib-view included iso iso
[Sysname] snmp-agent usm-user v3 v3user_no v3group_no
# Enable the ACFP server and the ACSEI server.
[Sysname] acfp server enable
[Sysname] acsei server enable
# Configure the internal interface.
•
Create VLAN 100 and configure an IP address for the VLAN interface. Make sure the VLAN does
not conflict with any existing VLAN.
[Sysname] vlan 100
[Sysname-vlan100] quit
[Sysname] interface Vlan-interface100
[Sysname-Vlan-interface100] ip address 100.100.100.1 255.255.255.0
[Sysname-Vlan-interface100] quit