3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide
Attack Prevention and Packet Statistics Configuration Example 167
Attack Prevention and
Packet Statistics
Configuration
Example
Enabling the Land
Attack Prevention
Function
Network requirements
On the Firewall module, add GigabitEthernet 0/0.1, GigabitEthernet 0/0.2 and
GigabitEthernet 0/0.3 sub-interfaces to the trust zone, untrust zone, DMZ
respectively.
Network diagram
Figure 31 Network diagram for firewall attack prevention configuration
Configuration procedure
Switch 8807 (SecBlade)
# Divide VLANs.
<SW8800> system-view
[SW8800] vlan 10
[3Com-vlan10] quit
[SW8800] vlan 30
[3Com-vlan30] quit
[SW8800] vlan 50
[3Com-vlan50] quit
[SW8800] vlan 60
[3Com-vlan60] quit
SecBlade
S8505
Vlan
60
Vlan10
Vlan
50
Vlan
30
Trust Zone
Untrust
Zone
10.0.0.1/24
30.0.0.1/24
10.0.0.254/24
DMZ Zone
Server
60.0.0.1/24
Vlan
60
Vlan
50
PC_B
50.0.0.254/24
60.0.0.254/24
50.0.0.1/24
30.0.0.254/24
SecBlade
S8800
Vlan
60
Vlan10
Vlan
50
Vlan
30
Trust Zone
Untrust
Zone
10.0.0.1/24
30.0.0.1/24
10.0.0.254/24
DMZ Zone
Server
60.0.0.1/24
Vlan
60
Vlan
50
PC_B
50.0.0.254/24
60.0.0.254/24
50.0.0.1/24
30.0.0.254/24