Configuration guidelines – H3C Technologies H3C SecBlade IPS Cards User Manual
Item: Source MAC for Interfering
Description: In the bypassed connecting mode, the source MAC address of the responded interfering packets:
- Management interface: Take the MAC address of the management interface as the source MAC address
- Packets: Take the source MAC address of the captured packets as the source MAC address
- Customize: Manually configured source MAC address

Item: Next Hop MAC
Description: In the bypassed connecting mode, the next hop MAC address of the responded interfering packets. It is usually the MAC address of the General port in

In the bypassed connecting mode, when the IPS device is connected to a switch, there are some configuration limitations for the Source MAC for Interfering and Next Hop MAC, see for details.

Item: Return by original path/A certain interface (the drop-down list at the bottom right corner)
Description: Select the interface to send the responded interfering packets; you can select to return by original path or select a certain interface.
- Return by original path: Sends the responded interfering packets from the interface through which the device captured data packets.
- A certain interface: Sends the responded interfering packets from the selected interface. The drop-down list only displays interfaces that are not in the security zone.
This drop-down list is available only after you select both the Directly connected check box and the Integrated function set check box.

Table 3-13 Configuration limitation if the Bypassed check box is selected
Devices in the bypassed connecting mode: When the General device in is a Layer 2 switch
Source MAC for Interfering: Select Management interface or Customize; Packets cannot be selected. When you select Customize, the MAC address must not conflict with another MAC address in the Layer 2 domain.
Next Hop MAC: Null

Devices in the bypassed connecting mode: When the General device in is a Layer 3 switch, and the General port, Mirroring port, and the Monitor port are in the same VLAN.
Source MAC for Interfering: Select Management interface or Customize; Packets cannot be selected. When you select Customize, the MAC address must not conflict with another MAC address in the Layer 2 domain.
Next Hop MAC: Null

Devices in the bypassed connecting mode: When the General device in is a Layer 3 switch, and the General port, Mirroring port, and the Monitor port are in different VLANs.
Source MAC for Interfering: No limitation
Next Hop MAC:
- Null
- Virtual interface MAC address of the VLAN to which the General port belongs

Configuration Guidelines
When configuring the operating mode, note that:
1) When the device is in bypassed connecting mode and connected to a switch, avoid the following configurations; otherwise, the switch may not learn MAC addresses successfully.
- Configure the source MAC address of the captured packets as the source MAC address on the device.
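
Why the Packets option conflicts with switch MAC learning, as an added sketch that is not part of the H3C manual: a toy learning switch, assuming standard per-VLAN source-MAC learning (the manual states only the outcome, not the mechanism). The port numbers, VLAN IDs, MAC addresses and function names are constructed for illustration.

```python
# Added illustration (not from the H3C manual): a toy learning switch that keys
# its MAC table by (VLAN, MAC). Assumption: standard source-MAC learning.
# Port numbers, VLAN IDs and MAC addresses below are constructed sample values.

class LearningSwitch:
    def __init__(self):
        self.table = {}   # (vlan, mac) -> port the MAC was last seen on
        self.moves = []   # (vlan, mac, old_port, new_port) for every relearn

    def receive(self, port, vlan, src_mac):
        """Learn src_mac on the ingress port; record a move if it changed port."""
        key = (vlan, src_mac)
        old = self.table.get(key)
        if old is not None and old != port:
            self.moves.append((vlan, src_mac, old, port))
        self.table[key] = port

    def egress_port(self, vlan, dst_mac):
        """Port a unicast frame to dst_mac leaves on (None means flood)."""
        return self.table.get((vlan, dst_mac))


HOST_MAC = "00:11:22:00:00:0a"   # constructed: host whose packet was captured
MGMT_MAC = "00:11:22:00:00:fe"   # constructed: IPS management interface
HOST_PORT, IPS_PORT = 1, 3       # constructed: host port, IPS response port


def simulate(source_mac_option, host_vlan=10, ips_vlan=10):
    """Return (egress port for traffic to the host, MAC moves seen)."""
    sw = LearningSwitch()
    sw.receive(HOST_PORT, host_vlan, HOST_MAC)   # host sends normal traffic
    # The IPS sends its responded interfering packet from its own port.
    # "Packets" reuses the captured packet's source MAC; otherwise use its own.
    src = HOST_MAC if source_mac_option == "Packets" else MGMT_MAC
    sw.receive(IPS_PORT, ips_vlan, src)
    return sw.egress_port(host_vlan, HOST_MAC), sw.moves


if __name__ == "__main__":
    cases = [("Packets", 10), ("Management interface", 10), ("Packets", 20)]
    for option, ips_vlan in cases:
        port, moves = simulate(option, ips_vlan=ips_vlan)
        print(f"{option:22} ips_vlan={ips_vlan}: host -> port {port}, moves={moves}")
```

In the same-VLAN case the host's MAC moves to the IPS port, so frames for the host are misdirected; with the management interface MAC, or with the ports in different VLANs, the host's table entry is untouched.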