Configuring the SecBlade IPS card – H3C Technologies H3C SecBlade IPS Cards User Manual

| To do… | Use the command… | Remarks |
|---|---|---|
| Return to system view | quit | Required |
| Create a Layer 2 ACL | acl number acl-number | Required |
| Create a rule to deny ARP packets | rule rule-id deny arp | Required |
| Create a rule to deny Layer 2 packet forwarding | rule rule-id deny packet-level bridge | Required |
| Return to system view | quit | Required |
| Enter internal network interface view | interface interface-type interface-number | Required |
| Configure a redirection policy to redirect inbound packets matching the ACL to the specified interface | traffic-redirect inbound ip-group acl-number interface interface-type interface-number | Required. Use the ACL configured for the internal network interface. |
| Return to system view | quit | Required |
| Enter external network interface view | interface interface-type interface-number | Required |
| Configure a redirection policy to redirect inbound packets matching the ACL to the specified interface | traffic-redirect inbound ip-group acl-number interface interface-type interface-number | Required. Use the ACL configured for the external network interface. |
| Return to system view | quit | Required |
| Enter the view of the 10GE interface connected to the SecBlade IPS card | interface interface-type interface-number | Required |
| Configure a filtering policy to deny forwarding incoming ARP and Layer 2 packets | packet-filter inbound link-group acl-number | Required. Use the Layer 2 ACL configured above. |
| Return to system view | quit | Required |
| Return to user view | return | Optional |
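A check for the steps in the table above, as an added example that is not part of the H3C manual: it reads a configuration listing and reports which of the Layer 2 ACL, packet-filter and redirection steps are missing. The sample listing, interface names and ACL numbers are constructed; it assumes the listing shows commands in the form they are typed and that the redirection target is the 10GE interface connected to the card.

```python
import re

# Constructed sample, written in the same form as the commands in the table.
SAMPLE = """\
acl number 4000
 rule 0 deny arp
 rule 1 deny packet-level bridge
interface GigabitEthernet3/0/1
 traffic-redirect inbound ip-group 3000 interface Ten-GigabitEthernet2/0/1
interface GigabitEthernet3/0/2
 traffic-redirect inbound ip-group 3001 interface Ten-GigabitEthernet2/0/1
interface Ten-GigabitEthernet2/0/1
 packet-filter inbound link-group 4000
"""

def parse_sections(config):
    """Map each unindented line (a view) to the indented commands under it."""
    sections, current = {}, None
    for line in config.splitlines():
        text = line.strip()
        if not text or text == "#":
            continue
        if not line[0].isspace():
            current = text
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(text)
    return sections

def audit(config, blade_if):
    """Return findings; an empty list means every checked step is present."""
    sec, findings = parse_sections(config), []
    # The 10GE interface must apply a Layer 2 ACL with packet-filter.
    hits = [re.fullmatch(r"packet-filter inbound link-group (\d+)", c)
            for c in sec.get(f"interface {blade_if}", [])]
    acls = [m.group(1) for m in hits if m]
    if not acls:
        findings.append(f"{blade_if}: no packet-filter inbound link-group")
    for acl in acls:
        # That ACL must hold both deny rules from the table.
        rules = {re.sub(r"^rule \d+ ", "", r) for r in sec.get(f"acl number {acl}", [])}
        for needed in ("deny arp", "deny packet-level bridge"):
            if needed not in rules:
                findings.append(f"acl {acl}: missing rule '{needed}'")
    # Internal and external interfaces must each redirect to the card-facing
    # interface (assumption: that is the redirection target).
    pat = rf"traffic-redirect inbound ip-group \d+ interface {re.escape(blade_if)}"
    n = sum(1 for cmds in sec.values() if any(re.fullmatch(pat, c) for c in cmds))
    if n < 2:
        findings.append(f"only {n} interface(s) redirect to {blade_if}")
    return findings
```
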

Configuring the SecBlade IPS card

Configure the SecBlade IPS card as follows.

Configure the IP address of the management interface at the CLI and use the IP address to log in to the web interface of the SecBlade IPS card.

Configure the interface swap table.

Create security zones and add internal 10GE interfaces that belong to different internal and
external network VLANs to corresponding security zones.

Create segments and add internal and external zones to corresponding segments.

Follow these steps to configure the SecBlade IPS card:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |