3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide

CHAPTER 7: FIREWALL CONFIGURATION
[3Com-secblade-test] secblade-interface vlan-interface 30
# Set the protected VLAN.
[3Com-secblade-test] security-vlan 50
# Map the module to the specified slot.
[3Com-secblade-test] map to slot 2
[3Com-secblade-test] quit
[SW8800] quit
# Log into the module on the specified slot. Both the default user name and password are SecBlade.
<SW8800> secblade slot 2
user: SecBlade
password: SecBlade
<secblade> system-view
# Create the sub-interfaces.
[secblade] interface GigabitEthernet 0/0.1
[secblade-GigabitEthernet0/0.1] vlan-type dot1q vid 30
[secblade-GigabitEthernet0/0.1] ip address 30.0.0.254 24
[secblade-GigabitEthernet0/0.1] quit
[secblade] interface GigabitEthernet 0/0.2
[secblade-GigabitEthernet0/0.2] vlan-type dot1q vid 50
[secblade-GigabitEthernet0/0.2] ip address 50.0.0.254 24
[secblade-GigabitEthernet0/0.2] quit
# Add the sub-interface of the internal network to the trust zone.
[secblade] firewall zone trust
[secblade-zone-trust] add interface GigabitEthernet 0/0.1
[secblade-zone-trust] quit
# Add the sub-interface of the external network to the untrust zone.
[secblade] firewall zone untrust
[secblade-zone-untrust] add interface GigabitEthernet 0/0.2
[secblade-zone-untrust] quit
# Configure the static routes.
[secblade] ip route-static 0.0.0.0 0 50.0.0.1
[secblade] ip route-static 10.0.0.0 24 30.0.0.1
# Insert the IP address of the client PC into the black list.
[secblade] firewall blacklist 202.0.0.1 timeout 100
# Enable the black list.
[secblade] firewall blacklist enable
With the above configuration, all packets sent from the client PC (202.0.0.1) are
denied during the 100-minute aging period. After that period expires, packets
from the client PC can pass the firewall again.
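
The aging behaviour described above, modelled as an added Python example (not part of the 3Com guide). It parses the two blacklist commands used in this configuration, reports whether a source is still denied after a given number of minutes, and flags entries that expire on their own. The function names and the treatment of an entry written without a timeout are assumptions.

```python
import re
from ipaddress import ip_address

# Constructed sample: blacklist-related lines copied from the configuration above.
SAMPLE_CONFIG = """\
[secblade] ip route-static 0.0.0.0 0 50.0.0.1
[secblade] firewall blacklist 202.0.0.1 timeout 100
[secblade] firewall blacklist enable
"""

ENTRY_RE = re.compile(r"firewall blacklist (\d+\.\d+\.\d+\.\d+)(?: timeout (\d+))?\s*$")
ENABLE_RE = re.compile(r"firewall blacklist enable\s*$")


def parse_blacklist(config_text):
    """Return (enabled, {ip: timeout_minutes or None}) from CLI lines."""
    enabled, entries = False, {}
    for line in config_text.splitlines():
        line = line.strip()
        if ENABLE_RE.search(line):
            enabled = True
            continue
        m = ENTRY_RE.search(line)
        if m:
            ip_address(m.group(1))  # raises ValueError on a malformed address
            entries[m.group(1)] = int(m.group(2)) if m.group(2) else None
    return enabled, entries


def is_denied(config_text, src_ip, minutes_elapsed):
    """Model the aging rule; assumes entries apply only once the blacklist is enabled."""
    enabled, entries = parse_blacklist(config_text)
    if not enabled or src_ip not in entries:
        return False
    timeout = entries[src_ip]
    # Assumption: an entry written without "timeout" does not age out.
    return timeout is None or minutes_elapsed < timeout


def audit(config_text):
    """List review findings for the blacklist section of a configuration."""
    enabled, entries = parse_blacklist(config_text)
    findings = []
    if entries and not enabled:
        findings.append("entries configured but 'firewall blacklist enable' is missing")
    for ip, timeout in entries.items():
        if timeout is not None:
            findings.append(f"{ip} is blocked for {timeout} minutes only, then permitted again")
    return findings
```

Running audit() over a saved configuration shows which blocks are temporary, so a reviewer can decide whether a source that must stay blocked needs a different control.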