H3C Technologies H3C SecBlade NetStream Cards User Manual


# Configure ACL 2000.

[Device] acl number 2000
[Device-acl-basic-2000] rule 0 permit source 10.1.0.0 0.0.255.255
[Device-acl-basic-2000] quit

# Create classifier 1 and define an ACL-based match criterion.

[Device] traffic classifier 1
[Device-classifier-1] if-match acl 2000
[Device-classifier-1] quit

# Configure a traffic behavior with the action of mirroring traffic to Ten-GigabitEthernet 4/0/1.

[Device] traffic behavior 1
[Device-behavior-1] mirror-to interface ten-gigabitethernet 4/0/1
[Device-behavior-1] quit

# Configure a QoS policy, associating traffic behavior 1 with classifier 1.

[Device] qos policy 1
[Device-qospolicy-1] classifier 1 behavior 1
[Device-qospolicy-1] quit

# Apply the QoS policy to the incoming traffic on GigabitEthernet 2/0/1.

[Device] interface gigabitethernet 2/0/1
[Device-GigabitEthernet2/0/1] qos apply policy 1 inbound
[Device-GigabitEthernet2/0/1] quit

# Enable the ACSEI server so that the NS card can synchronize its clock with the Device.

[Device] acsei server enable

2. Configure the SecBlade NS card.

# Configure Ten-GigabitEthernet 0/0 as a trunk port, and configure the port to allow packets from VLAN 10 and VLAN 20 to pass through.

<SecBlade> system-view
[SecBlade] interface ten-gigabitethernet 0/0
[SecBlade-Ten-GigabitEthernet0/0] port link-type trunk
[SecBlade-Ten-GigabitEthernet0/0] port trunk permit vlan 10 20
[SecBlade-Ten-GigabitEthernet0/0] quit

# Create a blackhole-type inline forwarding entry 1.

[SecBlade] inline-interfaces 1 blackhole

# Assign Ten-GigabitEthernet 0/0 to blackhole-type inline forwarding entry 1 so that packets are discarded after they are received and processed.

[SecBlade] interface ten-gigabitethernet0/0
[SecBlade-Ten-GigabitEthernet0/0] port inline-interfaces 1

# Enable NetStream for incoming traffic on Ten-GigabitEthernet 0/0.

[SecBlade-Ten-GigabitEthernet0/0] ip netstream inbound

# Enable the ACSEI client on Ten-GigabitEthernet 0/0 to synchronize with the Device's clock.

[SecBlade-Ten-GigabitEthernet0/0] acsei-client enable
[SecBlade-Ten-GigabitEthernet0/0] quit

# Configure the destination address and destination UDP port for NetStream data export. (The destination UDP port number can be 9020, 9021, or 6343.)

[SecBlade] ip netstream export host 192.168.96.11 9020
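The following is an added example, not part of the manual: a Python audit of the Device-side commands above that resolves the chain from the applied QoS policy back to the ACL and reports which source prefixes are copied to the mirror port. The function names and the prompt-stripped input format are assumptions of this example, and it handles only permit rules with contiguous wildcard masks.

```python
from ipaddress import IPv4Address, IPv4Network

# Constructed input: the Device-side commands above with the prompts stripped.
CONFIG = """acl number 2000
rule 0 permit source 10.1.0.0 0.0.255.255
traffic classifier 1
if-match acl 2000
traffic behavior 1
mirror-to interface ten-gigabitethernet 4/0/1
qos policy 1
classifier 1 behavior 1
interface gigabitethernet 2/0/1
qos apply policy 1 inbound"""
VIEWS = {"acl number", "traffic classifier", "traffic behavior", "qos policy"}

def wildcard_to_network(addr, wildcard):
    """Turn an ACL address/wildcard pair into a prefix (contiguous wildcards only)."""
    w = int(IPv4Address(wildcard))
    if w & (w + 1):  # the set bits must form a single run at the low end
        raise ValueError(f"non-contiguous wildcard {wildcard}")
    return IPv4Network((int(IPv4Address(addr)) & ~w & 0xFFFFFFFF, 32 - w.bit_length()))

def audit(config):
    """Resolve apply -> policy -> classifier/behavior -> ACL; return (mirrored, findings)."""
    acl, cls, beh, pol, applied, ctx = {}, {}, {}, {}, [], None
    for t in (line.split() for line in config.splitlines() if line.strip()):
        if " ".join(t[:2]) in VIEWS:
            ctx = t[2]  # name of the view the following commands belong to
        elif t[0] == "interface":
            ctx = " ".join(t[1:])
        elif t[0] == "rule" and t[2:4] == ["permit", "source"]:
            acl.setdefault(ctx, []).append(wildcard_to_network(t[4], t[5]))
        elif t[:2] == ["if-match", "acl"]:
            cls[ctx] = t[2]
        elif t[:2] == ["mirror-to", "interface"]:
            beh[ctx] = " ".join(t[2:])
        elif t[0] == "classifier" and t[2:3] == ["behavior"]:
            pol[ctx] = (t[1], t[3])
        elif t[:3] == ["qos", "apply", "policy"]:
            applied.append((ctx, t[3], t[4]))
    mirrored, findings = [], []
    for iface, policy, direction in applied:
        c, b = pol.get(policy, (None, None))
        # A policy mirrors traffic only if its behavior has a mirror port and its ACL has rules.
        nets = acl.get(cls.get(c), []) if b in beh else []
        mirrored += [(iface, direction, str(n), beh[b]) for n in nets]
        if not nets:
            findings.append(f"policy {policy} on {iface} {direction} mirrors nothing")
    return mirrored, findings
```

Each entry in `mirrored` is (ingress interface, direction, source prefix, mirror port); a non-empty `findings` list means an applied policy points at a missing ACL or a behavior without a mirror port.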
