Configuration example, Network requirements, Configuration procedure – H3C Technologies H3C SecBlade IPS Cards User Manual
Page 64
57
Configuration Example
Network requirements
As shown in
, the router has one SRPU inserted in slot 0, two switching boards inserted in slots
3 and 4, and one SecBlade IPS card inserted in slot 5. The router uses GigabitEthernet 3/0/0 to connect
to the internal network, uses GigabitEthernet 3/0/1 to connect to the external network, and uses its
internal interface Ten-GigabitEthernet 5/0/0 to connect to the SecBlade IPS card’s internal interface
Ten-GigabitEthernet 0/0. Traffic received on the router’s GigabitEthernet 3/0/0 and GigabitEthernet
3/0/1 must be sent to the SecBlade IPS card for inspection.
Figure 38 SR6600 router and the SPE-IPS-200 card
Configuration procedure
1.
Configure the router
# Configure the H3C new MIB style. With this style, the sysOID and the private MIB are both under H3C
enterprise ID 25506. You need to reboot the router to validate the configuration (you can reboot the
router after completing all configurations).
[Sysname] mib-style new
# Configure SNMP parameters.
[Sysname] snmp-agent
[Sysname] snmp-agent sys-info version all
[Sysname] snmp-agent group v3 v3group_no read-view iso write-view iso
[Sysname] snmp-agent mib-view included iso iso
[Sysname] snmp-agent usm-user v3 v3user_no v3group_no
# Enable the ACFP server and the ACSEI server.
[Sysname] acfp server enable
[Sysname] acsei server enable
# Create a Layer 3 subinterface for the router’s internal interface, and configure a VLAN ID and an IP
address for the subinterface.
[Sysname] interface Ten-GigabitEthernet5/0/0.1
[Sysname-Ten-GigabitEthernet5/0/0.1] vlan-type dot1q vid 100
[Sysname-Ten-GigabitEthernet5/0/0.1] ip address 100.100.100.1 255.255.255.0