beautypg.com

Displaying the configuration, Configuration example, Network requirements – H3C Technologies H3C SecBlade IPS Cards User Manual

Page 38

background image

31

To do…

Use the command…

Remarks

Enter management
interface view

interface meth interface-number Required

Configure an IP address
for the interface

ip address ip-address { mask |
mask-length }

Required
By default, the IP address of the
management interface is

192.168.1.1.

Enable the management
interface

undo shutdown

Required
Disabled by default.

Use the IP address to log in
to the web interface of the
SecBlade IPS card

Required
The default username and password

are both admin.

Configure interface swap
table

Select System Management > Network
Management > Interface Swap Table

Configuration. Click the Add Interface
Swap Entry button. Select the index and

select the 10GE internal interface as

Interface 1 and Interface 2.

Required

Create security zones

Select System Management > Network
Management > Security Zone. Use the

Add button to create security zones and

add 10GE interfaces and VLANs to the
security zones.

Required
You need to create a security zone
for each 10GE interface that

belongs to the internal VLAN,

external VLAN, or both.

Create segments

Select System Management > Network
Management > Segment Configuration.

Click the Add Segment button. Select a
segment number, the internal zone, and

the external zone.

Required
You need to create a segment for
each internal zone or external zone.

Displaying the configuration

After completing above configurations, you can use the display command in any view of the SecBlade
IPS card to view forwarding information on the internal 10GE interface and verify you configurations.

To do…

Use the command…

Display the running status and forwarding information
of the 10GE interface

display interface [ interface-name ]

Configuration Example

Network requirements

As shown in

Figure 19

, the switch has two SecBlade IPS cards inserted. The switch uses Ethernet 5/1/1

and Ethernet 5/1/2 to connect to the internal network, uses Ethernet 5/1/3 to connect to the external

network, and uses its internal interfaces GigabitEthernet 3/1/1 and GigabitEthernet 4/1/1 to connect

to the SecBlade cards’ internal interface Ten-GigabitEthernet 0/0. Traffic received on the switch’s
interfaces Ethernet 5/1/1, Ethernet 5/1/2, and Ethernet 5/1/3 must be forwarded to the SecBlade IPS

cards for inspection and the two cards implement load balancing.
Configuration considerations:

See also other documents in the category H3C Technologies Safety: