Spe-ips-200 card configuration, Configuration overview, From internal network to external network – H3C Technologies H3C SecBlade IPS Cards User Manual

53

Figure 37 Configure the segment

SPE-IPS-200 Card Configuration

NOTE:

The SPE-IPS-200 card is only for the SR6600 routers.

Configuration Overview

The router and the SecBlade IPS card are connected through internal 10GE interfaces. With OAA

configured, the router automatically redirects traffic to the SecBlade IPS card through its 10GE interface.

After processing the traffic, the SecBlade IPS card sends the traffic back to the router through its internal

10GE interface, and the router forwards the traffic. The detailed data forwarding process is as follows.

From internal network to external network

1.

Packets from the internal network enter the router.

2.

The router redirects the packets to the SecBlade IPS card.

3.

The SecBlade IPS card processes the packets, and then forwards them back to the router.

4.

The router forwards the packets out its external network interface.

From external network to internal network

1.

Packets from the external network enter the router.

2.

The router redirects the packets to the SecBlade IPS card.

3.

The SecBlade IPS card processes the traffic, and then forwards them back to the router.

4.

The router forwards the packets out its internal network interface.

Configuration Procedure

Configuring the router

Perform the following configurations on the router:

•

Configure the MIB style of the router.

•

Configure SNMP parameters.

•

Enable the ACFP server and the ACSEI server.

•

Configure a Layer 3 subinterface on the 10GE interface, and configure a VLAN ID and an IP
address for the subinterface.