Table of Contents
Advertisement
S9700 Core Routing Switch
Configuration Guide - SPU
l
2.15.2 Example for Configuring ASPF and Port Mapping
This example shows the application of ASPF and port mapping on a network. The SPU can
detect the packets of the specified application-layer protocols and discard the undesired packets.
Networking Requirements
As shown in
security, and Eth-Trunk0.2 is connected to the external network with low security. The SPU
must filter the communication packets and perform ASPF check between the internal network
and the external network. The requirements are as follows:
l
l
l
l
The SPU is installed in slot 5 of the S9700.
Issue 01 (2012-03-15)
#
return
Configuration file of the S9700
#
vlan batch 10 20
#
interface GigabitEthernet1/0/10
port link-type access
port default vlan 10
#
interface GigabitEthernet1/0/11
port link-type trunk
port trunk allow-pass vlan 20
#
interface Eth-Trunk 0
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface
XGigabitEthernet 5/0/0
Eth-Trunk 0
#
interface
XGigabitEthernet 5/0/1
Eth-Trunk 0
#
return
Figure
2-3, Eth-Trunk0.1 of the SPU is connected to an internal network with high
A host (202.39.2.3) on the external network is allowed to access the server in the internal
network.
Other hosts are not allowed to access the server on the internal network.
The SPU checks the FTP status of the connections and filters the undesired packets.
The packets from the external host are sent to the FTP server through port 2121, which is
used as the port for the FTP protocol.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2 Firewall Configuration
71
Advertisement
Table of Contents
