Huawei quidway s7700 Configuration Manual page 80
Smart routing switch
Hide thumbs
Also See for quidway s7700:
- Configuration manual (833 pages) ,
- Configuration manual - ethernet (648 pages) ,
- Configuration manual - multicast (551 pages)
Table of Contents
Advertisement
Quidway S7700 Smart Routing Switch
Configuration Guide - SPU
4.
5.
Procedure
Step 1 Import flows from the S7700 to the SPU.
1.
2.
Step 2 Configure zones and the interzone on the SPU.
[SPU] firewall zone trust
[SPU-zone-trust] priority 100
[SPU-zone-trust] quit
[SPU] firewall zone untrust
[SPU-zone-untrust] priority 1
[SPU-zone-untrust] quit
[SPU] firewall interzone trust untrust
[SPU-interzone-trust-untrust] firewall enable
[SPU-interzone-trust-untrust] quit
Step 3 Add the interfaces of the SPU to zones.
[SPU] interface Eth-trunk0.1
[SPU-Eth-trunk0.1] zone trust
[SPU-Eth-trunk0.1] quit
[SPU] interface Eth-trunk0.2
[SPU-Eth-trunk0.2] zone untrust
[SPU-Eth-trunk0.2] quit
Step 4 Configure an ACL on the SPU.
Issue 01 (2011-07-15)
Configure an ACL.
Configure ACL-based packet filtering in the interzone.
Configure the S7700 as follows:
[Quidway] vlan 10
[Quidway-vlan10] quit
[Quidway] interface gigabitethernet 1/0/10
[Quidway-GigabitEthernet1/0/10] port link-type access
[Quidway-GigabitEthernet1/0/10] port default vlan 10
[Quidway-GigabitEthernet1/0/10] quit
[Quidway] vlan 20
[Quidway-vlan20] quit
[Quidway] interface gigabitethernet 1/0/11
[Quidway-GigabitEthernet1/0/11] port link-type access
[Quidway-GigabitEthernet1/0/11] port default vlan 20
[Quidway-GigabitEthernet1/0/11] quit
[Quidway] interface Eth-Trunk 0
[Quidway-Eth-Trunk0] port link-type trunk
[Quidway-Eth-Trunk0] port trunk allow-pass vlan 10 20
[Quidway-Eth-Trunk0] trunkport XGigabitEthernet 5/0/0
[Quidway-Eth-Trunk0] trunkport XGigabitEthernet 5/0/1
[Quidway-Eth-Trunk0] quit
Configure the SPU as follows:
[Quidway] sysname SPU
[SPU] interface Eth-trunk0
[SPU-Eth-trunk0] trunkport XGigabitEthernet 0/0/1
[SPU-Eth-trunk0] trunkport XGigabitEthernet 0/0/2
[SPU-Eth-trunk0] quit
[SPU] interface Eth-trunk0.1
[SPU-Eth-trunk0.1] control-vid 10 dot1q-termination
[SPU-Eth-trunk0.1] dot1q termination vid 10
[SPU-Eth-trunk0.1] ip address 129.38.1.1 255.255.255.0
[SPU-Eth-trunk0.1] arp broadcast enable
[SPU-Eth-trunk0.1] quit
[SPU] interface Eth-trunk0.2
[SPU-Eth-trunk0.2] control-vid 20 dot1q-termination
[SPU-Eth-trunk0.2] dot1q termination vid 20
[SPU-Eth-trunk0.2] ip address 202.39.2.1 255.255.0.0
[SPU-Eth-trunk0.2] arp broadcast enable
[SPU-Eth-trunk0.2] quit
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2 Firewall Configuration
69
Advertisement
Table of Contents
