Configuration example, Network requirements, Configuration procedure – H3C Technologies H3C SecBlade IPS Cards User Manual
Page 56
49
Table 3 Use the following commands in any view of the switch to view ACFP information.
To do…
Use the command…
Display the ACFP server information
display acfp server-info
Display the ACFP client information
display acfp client-info [ client-id ]
Display the ACFP policy information
display acfp policy-info [ client client-id [ policy-index ] |
dest-interface interface-type interface-number | global |
in-interface interface-type interface-number | out-interface
interface-type interface-number ] [ active | inactive ]
Display the ACFP rule information
display acfp rule-info { global | in-interface [ interface-type
interface-number ] | out-interface [ interface-type
interface-number ] | policy [ client-id policy-index ] }
Configuration Example
Network requirements
As shown in
, the switch has one SRPU installed in slot 0, one switching board installed in slot
4, and one SecBlade IPS card installed in slot 5. The switch uses GigabitEthernet 4/0/1 and
GigabitEthernet 4/0/2 to connect to the internal network, uses GigabitEthernet 4/0/20 to connect to
the external network, and uses its internal interface Ten-GigabitEthernet 5/0/1 to connect to the
SecBlade IPS card’s internal interface Ten-GigabitEthernet 0/0. Traffic received on GigabitEthernet
4/0/1, GigabitEthernet 4/0/2, and GigabitEthernet 4/0/20 must be sent to the SecBlade IPS card for
inspection.
Figure 31 S12500 switch and the LST1IPS1A1 card
IP network
IP network
Internet
GE4/0/1
GE4/0/2
GE4/0/20
XGE0/0
S12500
LST1IPS1A1 card
XGE5/0/1
Configuration procedure
1.
Configure the switch