H3C S9500 Series Operation Manual page 103

Routing switches

Hide thumbs Also See for S9500 Series:

Command manual (1842 pages)

Operation manual (1504 pages)

Operating manual (76 pages)

Table of Contents

Operation Manual – Port

H3C S9500 Series Routing Switches

Controlling means that the IDS monitors traffic data from mirroring ports. When

detecting suspicious traffic data, the IDS device sends to a switch (router) or firewall the

traffic data protocol header information (IP/TCP/UDP/ICMP) and action information.

The switch (router) or firewall blocks the specified traffic or port.

II. Network diagram

IDS 192.168.1.247

Attacking computer

Attacked computer

192.168.1.205

被攻击机 192.168.1.205

192.168.1.205

Figure 6-1 Network diagram for IDS linkage configuration

III. Configuration procedure

Only the commands related to the switch (router) are listed here.

<H3C> system-view

[H3C] mirroring-group 1 inbound Ethernet 3/1/1 mirrored-to Ethernet 3/1/48

[H3C]vlan 192

[H3C-vlan192]port Ethernet3/1/1 Ethernet3/1/3 Ethernet3/1/5 Ethernet3/1/47

[H3C-vlan192]interface vlan-interface 192

[H3C-Vlan-interface192]ip add 192.168.1.1 255.255.255.0

[H3C] interface Ethernet 3/1/1

[H3C-Ethernet3/1/1] ids-acl enable

[H3C-Ethernet3/1/1] display ids all

Detecting port

Ethernet3/1/48

攻击机 192.168.1.20

192.168.1.20

Ethernet3/1/3

Management port

Ethernet3/1/47

Ethernet3/1/3

Chapter 6 IDS Linkage Configuration

Ethernet3/1/5

Chapters

Table of Contents

Troubleshooting

S9505 S9508 S9512

H3C S9500 Series Operation Manual page 103

Chapters

Troubleshooting

Related Manuals for H3C S9500 Series

Related Products for H3C S9500 Series

This manual is also suitable for:

Table of Contents