beautypg.com

From external network to internal network, Configuration procedure, Configuring the switch – H3C Technologies H3C SecBlade IPS Cards User Manual

Page 25

background image

18

From external network to internal network

1.

Packets from the external network enter the switch.

2.

The switch redirects the packets to the SecBlade IPS card.

3.

After processing the packets, the SecBlade IPS card forwards them back to the switch.

4.

The switch forwards the packets out its internal network interface.

Configuration Procedure

Configuring the switch

Configure the switch as follows.

Configure the MIB style of the switch.

Configure SNMP parameters. Configure SNMPv3 users and adopt non-authentication and
non-encryption.

Enable the ACFP server and the ACSEI server.

Configure a VLAN, VLAN 100, for example, which must not conflict with any existing VLANs on the
switch, and configure an IP address for the VLAN interface.

Configure the internal 10GE interface as a trunk interface, configure its default VLAN ID as 100
(which must be consistent with the VLAN ID configured on the OAA configuration page of the

SecBlade IPS card), configure the interface to permit packets of VLAN 2 through VLAN 4094 to

pass, and configure its connection mode as extended.

Configure the traffic switching mode of the main control board of the switch.

Save the configuration and reboot the switch.

Follow these steps to configure the switch:

To do…

Use the command…

Remarks

Enter system view

system-view

Configure the MIB style of the
switch

mib-style [ new |
compatible ]

Required

new: Specifies the MIB style H3C new.
With this style, both the sysOID and

private MIB of the switch are located
under the H3C enterprise ID 25506.

compatible: Specifies the MIB style H3C
compatible. With this style, the sysOID of

the switch is located under the H3C
enterprise ID 25506, and the private MIB

is located under the enterprise ID 2011.

By default, the MIB style of the switch is new.
You need to reboot the switch to validate the
configuration (you can reboot the switch

after completing all configurations).

CAUTION:

Make sure that the switch’s the MIB style is

new. If you specify compatible for the switch,
the switch cannot work normally.

Enable SNMP agent

snmp-agent

Required
Disabled by default.

See also other documents in the category H3C Technologies Safety: