Manualshelf

3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module
131132133134135136137138139140
Transparent Firewall Configuration Example 131
[3Com-secblade-test] map to slot 2
[3Com-secblade-test] quit
[SW8800] quit
# Log into the module on the specified slot.
<SW8800> secblade slot 2 (Both the default user name and password are SecBlade)
user: SecBlade
password: SecBlade
<secblade> system-view
# Configure the Firewall module to operate in transparent mode.
[secblade] firewall mode transparent
# Create the sub-interface.
[secblade] interface GigabitEthernet 0/0.1
[secblade-GigabitEthernet0/0.1] vlan-type dot1q vid 10
[secblade-GigabitEthernet0/0.1] quit
[secblade] interface GigabitEthernet 0/0.2
[secblade-GigabitEthernet0/0.2] vlan-type dot1q vid 50
[secblade-GigabitEthernet0/0.2] quit
[secblade] interface GigabitEthernet 0/0.3
[secblade-GigabitEthernet0/0.3] vlan-type dot1q vid 60
[secblade-GigabitEthernet0/0.3] quit
# Add the sub-interface of the internal network to the trust zone.
[secblade] firewall zone trust
[secblade-zone-trust] add interface GigabitEthernet 0/0.1
[secblade-zone-trust] quit
# Add the sub-interface of the external network to the untrust zone.
[secblade] firewall zone untrust
[secblade-zone-untrust] add interface GigabitEthernet 0/0.2
[secblade-zone-untrust] quit
# Add the DMZ sub-interface to the DMZ.
[secblade] firewall zone dmz
[secblade-zone-DMZ] add interface GigabitEthernet 0/0.3
[secblade-zone-DMZ] quit
# Configure the ACL rule on the basis of the MAC address.
[secblade] acl number 4000
[secblade-acl-ethernetframe-4000] rule permit source-mac
000f-1f7e-fec5 0000-0000-0000
[secblade-acl-adv-3000] quit
# Configure packet filtering.
[secblade] interface GigabitEthernet 0/0.2
[secblade-GigabitEthernet0/0.2] firewal ethernet-frame-filter 4000 outbound
[secblade] interface GigabitEthernet 0/0.3
[secblade-GigabitEthernet0/0.3] firewal ethernet-frame-filter 4000 outbound