Huawei quidway s7700 Configuration Manual page 87

Quidway S7700 Smart Routing Switch
Configuration Guide - SPU
Figure 2-4 Networking of blacklist configuration
Enterprise
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
4.
5.
6.
7.
Procedure
Step 1 Import flows from the S7700 to the SPU.
1.
2.
Issue 01 (2011-07-15)
Server
Network
Import flows from the S7700 to the SPU.
Configure zones and the interzone.
Add interfaces to the zones.
Enable the blacklist function.
Add entries to the blacklist.
Enable the defense against IP address sweeping or port scanning attack.
Configure the maximum session rate and blacklist timeout for the defense against IP address
sweeping or port scanning attack.
Configure the S7700 as follows:
<Quidway> system-view
[Quidway] vlan batch 101 to 102
[Quidway] interface GigabitEthernet2/0/1
[Quidway-GigabitEthernet2/0/1] port link-type trunk
[Quidway-GigabitEthernet2/0/1] port trunk allow-pass vlan 101
[Quidway-GigabitEthernet2/0/1] quit
[Quidway] interface GigabitEthernet2/0/2
[Quidway-GigabitEthernet2/0/2] port link-type trunk
[Quidway-GigabitEthernet2/0/2] port trunk allow-pass vlan 102
[Quidway-GigabitEthernet2/0/2] quit
[Quidway] interface Eth-Trunk 1
[Quidway-Eth-Trunk1] port link-type trunk
[Quidway-Eth-Trunk1] port trunk allow-pass vlan 101 to 102
[Quidway-Eth-Trunk1] trunkport XGigabitEthernet 5/0/0
[Quidway-Eth-Trunk1] trunkport XGigabitEthernet 5/0/1
[Quidway-Eth-Trunk1] quit
Configure the SPU as follows:
<SPU> system-view
[SPU] interface Eth-Trunk 1
[SPU-Eth-Trunk1] trunkport XGigabitEthernet 0/0/1
[SPU-Eth-Trunk1] trunkport XGigabitEthernet 0/0/2
[SPU-Eth-Trunk1] quit
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
VLAN 101
Eth-Trunk1.1
XGE5/0/0
XGE5/0/1 Eth-Trunk1.2
VLAN 102
GE2/0/1 GE2/0/2
Switch
2 Firewall Configuration
76