beautypg.com

Displaying the configuration, Configuration example, Network requirements – H3C Technologies H3C SecBlade IPS Cards User Manual

Page 47

background image

40

To do…

Use the command…

Remarks

Create a segment

Select System Management > Network
Management > Segment Configuration.
Click Add Segment. Select a segment

number, the internal zone, and the

external zone.

Required
You need to specify the internal

interface when creating the

segment. The internal interface
connects to the switch.

Displaying the configuration

After completing above configurations, you can use the display command in any view of the SecBlade

IPS card to view forwarding information on the internal 10GE interface and verify you configurations.

To do…

Use the command…

Display the running status and forwarding
information of the 10GE interface

display interface [ interface-name ]

Use the following commands on the switch to display ACFP information.

To do…

Use the command…

Display the ACFP server information

display acfp server-info

Display the ACFP client information

display acfp client-info [ client-id ]

Display the ACFP policy information

display acfp policy-info [ client client-id [ policy-index ] |
dest-interface interface-type interface-number | global |
in-interface interface-type interface-number | out-interface

interface-type interface-number ] [ active | inactive ]

Display the ACFP rule information

display acfp rule-info { global | in-interface [ interface-type
interface-number ] | out-interface [ interface-type

interface-number ] | policy [ client-id policy-index ] }

Configuration Example

Network requirements

As shown in

Figure 24

, the switch has one SRPU installed in slot 5, one switching board installed in slot

3, and one SecBlade IPS card installed in slot 8. The switch uses GigabitEthernet 3/0/1 and

GigabitEthernet 3/0/2 to connect to the internal network, uses GigabitEthernet 3/0/20 to connect to

the external network, and uses its internal interface Ten-GigabitEthernet 8/0/1 to connect to the
SecBlade IPS card’s internal interface Ten-GigabitEthernet 0/0. Traffic received on interfaces

GigabitEthernet 3/0/1, GigabitEthernet 3/0/2, and GigabitEthernet 3/0/20 must be sent to the

SecBlade IPS card for inspection.

See also other documents in the category H3C Technologies Safety: