H3C Technologies H3C SecBlade NetStream Cards User Manual

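# Configure basic ACL 2000 to match packets sourced from 10.1.0.0/16 (wildcard mask 0.0.255.255). In this example the ACL is referenced only by the traffic classifier, so the permit rule selects the traffic to be mirrored rather than filtering what is forwarded.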
[Device] acl number 2000
[Device-acl-basic-2000] rule 0 permit source 10.1.0.0 0.0.255.255
[Device-acl-basic-2000] quit
# Create classifier 1 and define an ACL-based match criterion.
[Device] traffic classifier 1
[Device-classifier-1] if-match acl 2000
[Device-classifier-1] quit
# Configure a traffic behavior with the action of mirroring traffic to Ten-GigabitEthernet 4/0/1.
[Device] traffic behavior 1
[Device-behavior-1] mirror-to interface ten-gigabitethernet 4/0/1
[Device-behavior-1] quit
# Configure a QoS policy, associating traffic behavior 1 with classifier 1.
[Device] qos policy 1
[Device-qospolicy-1] classifier 1 behavior 1
[Device-qospolicy-1] quit
# Apply the QoS policy to the incoming traffic on GigabitEthernet 2/0/1.
[Device] interface gigabitethernet 2/0/1
[Device-GigabitEthernet2/0/1] qos apply policy 1 inbound
[Device-GigabitEthernet2/0/1] quit
# Enable the ACSEI server on the Device so that the NS card can synchronize its clock with the Device.
[Device] acsei server enable
2. Configure the SecBlade NS card.
# Configure Ten-GigabitEthernet 0/0 as a trunk port, and configure the port to allow packets from VLAN 10 and VLAN 20 to pass through.
[SecBlade] interface ten-gigabitethernet 0/0
[SecBlade-Ten-GigabitEthernet0/0] port link-type trunk
[SecBlade-Ten-GigabitEthernet0/0] port trunk permit vlan 10 20
[SecBlade-Ten-GigabitEthernet0/0] quit
# Create a blackhole-type inline forwarding entry 1.
[SecBlade] inline-interfaces 1 blackhole
# Assign Ten-GigabitEthernet 0/0 to blackhole-type inline forwarding entry 1 so that packets received on the port are discarded, rather than forwarded, after they are processed.
[SecBlade] interface ten-gigabitethernet0/0
[SecBlade-Ten-GigabitEthernet0/0] port inline-interfaces 1
# Enable NetStream for incoming traffic on Ten-GigabitEthernet 0/0.
[SecBlade-Ten-GigabitEthernet0/0] ip netstream inbound
# Enable the ACSEI client on Ten-GigabitEthernet 0/0 so that the NS card synchronizes its clock with the Device.
[SecBlade-Ten-GigabitEthernet0/0] acsei-client enable
[SecBlade-Ten-GigabitEthernet0/0] quit
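# Configure the destination address and destination UDP port for NetStream data export. (The destination UDP port number can be 9020, 9021, or 6343.) NetStream records are exported over UDP without encryption or authentication, so the path to the collector (192.168.96.11 in this example) should be a trusted management network, and the collector should accept export packets only from the NS card's address.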
[SecBlade] ip netstream export host 192.168.96.11 9020