H3C Technologies H3C SecBlade IPS Cards User Manual
| To do… | Use the command… | Remarks |
|---|---|---|
| Add the external network port to the external network VLAN | port interface-list | Required. By default, all ports belong to VLAN 1. |
| Return to system view | quit | Required |
| Create the internal network VLAN interface | interface Vlan-interface vlan-id | Required |
| Configure the IP address of the internal network VLAN interface | ip address ip-address { mask \| mask-length } [ sub ] | Required. Not configured by default. |
| Return to system view | quit | Required |
| Create the external network VLAN interface | interface vlan-interface vlan-id | Required |
| Configure the IP address of the external network VLAN interface | ip address ip-address { mask \| mask-length } [ sub ] | Required. Not configured by default. |
| Return to system view | quit | Required |
| Enter the view of the 10GE interface connected to the SecBlade IPS card | interface interface-type interface-number | Required |
| Configure the link type of the interface as trunk | port link-type trunk | Required |
| Permit the packets of specified VLANs to pass | port trunk permit vlan { vlan-id-list \| all } | Required. The two VLANs configured above should be permitted. |
| Configure the default VLAN of the trunk interface | port trunk pvid vlan vlan-id | Required. The default VLAN must not be either of the two VLANs configured above. |
| Disable MAC address learning on the 10GE interface | mac-address max-mac-count 0 | Required |
| Return to system view | quit | Required |
| Create an advanced ACL to be used on the internal network interface | acl number acl-number | Required |
| Create a rule to permit all Layer 3 IP packets | rule rule-id permit ip packet-level route | Required |
| Return to system view | quit | Required |
| Create an advanced ACL to be used on the external network interface | acl number acl-number | Required |
| Create a rule to permit packets destined to the internal network | rule rule-id permit ip packet-level route destination network-address wild-mask | Required. If the internal network interface has multiple subnets attached, you need to create a rule for each subnet. |
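The steps in the table, filled in with sample values. This is an added example, not a listing from the manual: the VLAN IDs (10 internal, 20 external, 99 as trunk default VLAN), port and interface names, IP addresses and ACL numbers are constructed placeholders. It assumes the internal network VLAN interface has two subnets attached, so the second address uses the sub keyword and the external-side ACL carries one rule per subnet.

```comware
# Constructed values throughout; substitute the ports, VLANs and addresses of the actual device.

# In the view of external network VLAN 20 (entered in a step that precedes this table):
port GigabitEthernet 1/0/2
quit

# Internal network VLAN interface with two subnets (the second address uses "sub").
interface Vlan-interface 10
ip address 192.168.1.1 24
ip address 192.168.2.1 24 sub
quit

# External network VLAN interface.
interface Vlan-interface 20
ip address 203.0.113.1 24
quit

# 10GE interface connected to the SecBlade IPS card.
interface Ten-GigabitEthernet 2/0/1
port link-type trunk
# Both VLANs configured above are permitted on the trunk.
port trunk permit vlan 10 20
# The default VLAN is neither VLAN 10 nor VLAN 20.
port trunk pvid vlan 99
mac-address max-mac-count 0
quit

# Advanced ACL for the internal network interface: permit all Layer 3 IP packets.
acl number 3000
rule 0 permit ip packet-level route
quit

# Advanced ACL for the external network interface: one rule per internal subnet.
acl number 3001
rule 0 permit ip packet-level route destination 192.168.1.0 0.0.0.255
rule 1 permit ip packet-level route destination 192.168.2.0 0.0.0.255
```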