Configuring the secblade ips card – H3C Technologies H3C SecBlade IPS Cards User Manual

63

To do…

Use the command…

Remarks

Specify permitted
VLANs on the trunk
port

port trunk permit vlan { vlan-id-list
| all }

Required
A trunk port can allow packets of

multiple VLANs to pass. If you use the

command repeatedly on the
interface, all the specified VLANs are

permitted.

Configure the

extended port
connection mode

for the trunk port

port connection-mode extend

Required

Disable MAC
address learning on

the 10GE interface

mac-address max-mac-count 0 Required

Return to system
view

quit

Required

Save all configurations

save [ file-name | [ safely ]

Required

Configuring the SecBlade IPS card

Perform the following configurations on the SecBlade IPS card:

•

Configure an IP address for the management interface through the CLI and use the IP address to log
in to the web interface of the SecBlade IPS card.

•

Configure the internal interface and the OAA client and test the connectivity between the OAA
client and the router.

•

Create security zones and add the interfaces of the router to the security zones.

•

Create a segment and add the internal zone and the external zone to the segment.

Table 6 Follow these steps to configure the SecBlade IPS card:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter management interface
view

interface meth interface-number Optional

Configure an IP address for
the management interface

ip address ip-address mask

Optional
By default, the IP address of the
management interface Meth 0/2

is 192.168.1.1.

Enable the management
interface

undo shutdown

Required
Enabled by default.

Use the IP address of the
management interface to log

in to the web interface of the

SecBlade IPS card

—

Required
The default username and
password are both admin.