Table of Contents
Advertisement
S9700 Core Routing Switch
Configuration Guide - SPU
Figure 2-4 Networking of blacklist configuration
Enterprise
network
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
4.
5.
6.
7.
Procedure
Step 1 Import flows from the S9700 to the SPU.
1.
2.
Issue 01 (2012-03-15)
Server
Import flows from the S9700 to the SPU.
Configure zones and the interzone.
Add interfaces to the zones.
Enable the blacklist function.
Add entries to the blacklist.
Enable the defense against IP address sweeping or port scanning attack.
Configure the maximum session rate and blacklist timeout for the defense against IP address
sweeping or port scanning attack.
Configure the S9700 as follows:
<Quidway> system-view
[Quidway] vlan batch 101 to 102
[Quidway] interface GigabitEthernet2/0/1
[Quidway-GigabitEthernet2/0/1] port link-type trunk
[Quidway-GigabitEthernet2/0/1] port trunk allow-pass vlan 101
[Quidway-GigabitEthernet2/0/1] quit
[Quidway] interface GigabitEthernet2/0/2
[Quidway-GigabitEthernet2/0/2] port link-type trunk
[Quidway-GigabitEthernet2/0/2] port trunk allow-pass vlan 102
[Quidway-GigabitEthernet2/0/2] quit
[Quidway] interface Eth-Trunk 1
[Quidway-Eth-Trunk1] port link-type trunk
[Quidway-Eth-Trunk1] port trunk allow-pass vlan 101 to 102
[Quidway-Eth-Trunk1] trunkport XGigabitEthernet 5/0/0
[Quidway-Eth-Trunk1] trunkport XGigabitEthernet 5/0/1
[Quidway-Eth-Trunk1] quit
Configure the SPU as follows:
<SPU> system-view
[SPU] interface Eth-Trunk 1
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
VLAN 101
Eth-Trunk1.1
XGE5/0/0
XGE5/0/1
Eth-Trunk1.2
VLAN 102
GE2/0/1
GE2/0/2
Switch
2 Firewall Configuration
76
Advertisement
Table of Contents
