Displaying the configuration, Configuration example, Network requirements – H3C Technologies H3C SecBlade IPS Cards User Manual
Page 29
22
To do…
Use the command…
Remarks
Configure the
OAA client
and internal
interface
Select System Management > Device
Management > OAA Configuration. Input
parameters in OAA Client Configuration
and Internal Interface Configuration to
complete OAA configuration.
Required
Configure
OAA
Test the
connectivity
Click the Test Connectivity button to test
the connectivity between the OAA client
and the server.
Required
Create security zones
Select System Management > Network
Management > Security Zone. Use the
Add button to create security zones and
add the interfaces of the S7500E switch to
the security zone.
Required
The interface list of the switch is
sent to the OAA board (the
SecBlade IPS card in this case),
and you can add interfaces to
security zones.
Create a segment
Select System Management > Network
Management > Segment Configuration.
Click Add Segment. Select a segment
number, the internal zone, and the
external zone.
Required
You need to specify the internal
interface when creating the
segment. The internal interface
connects to the switch.
Displaying the configuration
After completing above configurations, you can use the display command in any view of the SecBlade
IPS card to view forwarding information on the internal 10GE interface and verify you configurations.
To do…
Use the command…
Display the running status and forwarding
information of the 10GE interface
display interface [ interface-name ]
Use the following commands on the switch to display ACFP information.
To do…
Use the command…
Display the ACFP server information
display acfp server-info
Display the ACFP client information
display acfp client-info [ client-id ]
Display the ACFP policy information
display acfp policy-info [ client client-id [ policy-index ] |
dest-interface interface-type interface-number | global |
in-interface interface-type interface-number | out-interface
interface-type interface-number ] [ active | inactive ]
Display the ACFP rule information
display acfp rule-info { global | in-interface [ interface-type
interface-number ] | out-interface [ interface-type
interface-number ] | policy [ client-id policy-index ] }
Configuration Example
Network requirements
As shown in
, the switch has a SecBlade IPS card installed on slot 2. The switch uses
GigabitEthernet 3/0/1 and GigabitEthernet 3/0/2 to connect to the internal network, uses
GigabitEthernet 3/0/20 to connect to the external network, and uses its internal interface