3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

101

102

103

104

105

106

107

108

109

110

Configuring ASPF 109

# Create SecBlade test.

[SW8800] secblade test

# Specify the SecBlade interface VLAN.

[3Com-secblade-test] secblade-interface vlan-interface 30

# Set the protected VLAN.

[3Com-secblade-test] security-vlan 50

# Map the module to the specified slot.

[3Com-secblade-test] map to slot 2

[3Com-secblade-test] quit

[SW8800] quit

# Log into the module card of the specified slot.

<SW8800> secblade slot 2 (Both the default user name and password are SecBlade)

user: SecBlade

password: SecBlade

<secblade> system-view

# Create the sub-interface.

[secblade] interface GigabitEthernet 0/0.1

[secblade-GigabitEthernet0/0.1] vlan-type dot1q vid 30

[secblade-GigabitEthernet0/0.1] ip address 30.0.0.254 24

[secblade-GigabitEthernet0/0.1] quit

[secblade] interface GigabitEthernet 0/0.2

[secblade-GigabitEthernet0/0.2] vlan-type dot1q vid 50

[secblade-GigabitEthernet0/0.2] ip address 50.0.0.254 24

[secblade-GigabitEthernet0/0.2] quit

# Add the sub-interface of the internal network to the trust zone.

[secblade] firewall zone trust

[secblade-zone-trust] add interface GigabitEthernet 0/0.1

[secblade-zone-trust] quit

# Add the sub-interface of the external network to the untrust zone.

[secblade] firewall zone untrust

[secblade-zone-untrust] add interface GigabitEthernet 0/0.2

[secblade-zone-untrust] quit

# Configure the static route.

[secblade] ip route-static 0.0.0.0 0 50.0.0.1

[secblade] ip route-static 10.0.0.0 24 30.0.0.1

# Enable the firewall on the module.

[secblade] firewall packet-filter enable