Configuring the secblade ips card – H3C Technologies H3C SecBlade IPS Cards User Manual

55

To do…

Use the command…

Remarks

Add a user to the SNMP group

snmp-agent usm-user v3
user-name group-name [ [ cipher ]
authentication-mode { md5 | sha }

auth-password [ privacy-mode

{ des56 | aes128 }

priv-password ] ] [ acl acl-number ]

Required
If you execute this command for the

same user repeatedly, the last

configuration takes effect.

Enable the ACFP server

acfp server enable

Required
Disabled by default.

Enable the ACSEI server

acsei server enable

Required
Disabled by default.

Create a
subinterface for the

10GE interface and

enter subinterface
view

int Ten-GigabitEthernet
interface-number

Required

Configure the
subinterface to
terminate packets

that carry the

specified VLAN ID

vlan-type dot1q vid vlan-id

Required

Configure
the

internal

10GE
interface

Configure an IP
address and mask

for the subinterface

ip address ip-address { mask |
mask-length } [ sub ]

Required

Save all configurations

save [ file-name | [ safely ]

Required

Configuring the SecBlade IPS card

Perform the following configurations on the SecBlade IPS card:

•

Configure an IP address for the management interface through the CLI and use the IP address to log

in to the web interface of the SecBlade IPS card.

•

Configure the internal interface and the OAA client, and test the connectivity between the OAA
client and the router.

•

Create security zones and add the interfaces of the router to the security zones.

•

Create a segment and add the internal zone and the external zone to the segment.

Table 4 Follow these steps to configure the SecBlade IPS card:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter management interface
view

interface meth interface-number Optional

Configure an IP address for
the management interface

ip address ip-address mask

Optional
By default, the IP address of the

management interface meth 0/2 is
192.168.1.1.