Configuration procedure – H3C Technologies H3C SecBlade IPS Cards User Manual
Page 39
32
•
Configure the link type of Ethernet 5/1/1, Ethernet 5/1/2 and Ethernet 5/1/3 as access, and
configure them to belong to VLAN 10, VLAN 20 and VLAN 30 respectively. VLANs 10 and 20 are
internal network VLANs and VLAN 30 is an external network VLAN.
•
Configure the link type of the 10GE interfaces GigabitEthernet 3/1/1 and GigabitEthernet 4/1/1
of the switch as trunk.
•
Configure Ethernet 5/1/1 to redirect traffic to GigabitEthernet 3/1/1; configure Ethernet 5/1/2 to
redirect traffic to GigabitEthernet 4/1/1; configure Ethernet 5/1/3 to redirect traffic to
GigabitEthernet 3/1/1 and GigabitEthernet 4/1/1, ensuring that a response packet is processed
by the SecBlade IPS card that processed the corresponding request packet.
•
Configure the interface swap table of the SecBlade IPS cards and configure security zones and
segments.
Figure 19 S9500 switch and the LSB1IPS1A0 cards
Configuration procedure
1.
Configure the switch
# Configure Ethernet 5/1/1, Ethernet 5/1/2 and Ethernet 5/1/3 to belong to VLAN 10, VLAN 20 and
VLAN 30 respectively, and configure VLAN interfaces and their IP addresses.
[Sysname] vlan 10
[Sysname-vlan10] port Ethernet 5/1/1
[Sysname-vlan10] vlan 20
[Sysname-vlan20] port Ethernet 5/1/2
[Sysname-vlan20] vlan 30
[Sysname-vlan30] port Ethernet 5/1/3
[Sysname-vlan30] quit
[Sysname] interface Vlan-interface 10
[Sysname-Vlan-interface10] ip address 10.0.0.1 255.0.0.0
[Sysname-Vlan-interface10] quit
[Sysname] interface Vlan-interface 20
[Sysname-Vlan-interface20] ip address 20.0.0.1 255.0.0.0
[Sysname-Vlan-interface20] quit