Wednesday, July 27, 2011

How to configure the IPS module on H3C 7510e switch


PART 1: IPS MODULE CONFIGURATION GUIDE FOR THE H3C 7510E SWITCH

Core switch configuration on the 7510E switch

1. The IPS module is inserted as module 8 in the 7510E chassis.

2. Create a dummy VLAN for the IPS module. VLAN 870 is the primary VLAN for the IPS module:

#
interface Vlan-interface870
 description IPS vlan
 ip address 192.168.7.1 255.255.255.248
#

3. Create a second VLAN for the second IPS module. VLAN 871 is the secondary VLAN for the second module:

#
interface Vlan-interface871
 description secondary ips vlan
 ip address 192.168.8.1 255.255.255.252
#

IPS module interface configuration:

#
interface Ten-GigabitEthernet1/8/0/1
 port link-type trunk
 port trunk permit vlan all
 port trunk pvid vlan 870      (dummy VLAN)
 port connection-mode extend
 mac-address mac-learning disable      (MAC learning should be disabled on this interface)
#

4. The following commands enable communication with the IPS module. Without them, the interfaces on the IPS module cannot be viewed. Both need to be enabled on the core switch (7510E):

#
 acfp server enable
#
 acsei server enable
#

SNMP settings for the IPS module:

snmp-agent sys-info version all
snmp-agent group v3 ips read-view iso write-view iso
snmp-agent group v3 ips1 read-view iso write-view iso
snmp-agent usm-user v3 ips ips
snmp-agent usm-user v3 ips1 ips

This provides up/down logs for the IPS module on the 7510E.

Thursday, July 21, 2011

iNode software download

https://docs.google.com/leaf?id=0B5xs49dCPrhnZWZmMGE4MzQtZWE4OC00ZDFhLWJmZjQtZjg5YmJlZTQ3Yjkz&hl=en_US

iNode H3C VPN client, Windows XP version (40 MB file size)

HP iNode client for Windows 7

iNode H3C VPN client, Windows 7/Vista version (159 mbps)

New iNode client from H3C/HP

The new iNode version supports Windows 7.

https://docs.google.com/open?id=0B5xs49dCPrhndDRWRkFBdWFRb09JdGpKYnA4ZHYwZw




Tuesday, July 19, 2011

HP MSR Router boot sequence

System is starting...

Do you want to check SDRAM? [Y/N]

Booting Normal Extend BootWare...



****************************************************************************

*                                                                          *

*                  H3C MSR20-10  BootWare, Version 2.23                    *

*                                                                          *

****************************************************************************

Copyright (c) 2004-2010 Hangzhou H3C Technologies Co., Ltd.



Compiled Date       : Aug 10 2010

CPU Type            : MPC8323E

CPU L1 Cache        : 16KB

CPU Clock Speed     : 333MHz

Memory Type         : DDR SDRAM

Memory Size         : 256MB

Memory Speed        : 266MHz

BootWare Size       : 1024KB

CPLD Version        : 1.0

PCB Version         : 3.0





BootWare Validating...

Press Ctrl+B to enter extended boot menu...

Starting to get the main application file--flash:/main.bin!.................(IOS file in router)

............................................................................

............................................................................

.......

The main application file is self-decompressing............................. (unzipping the IOS bin file into memory)

............................................................................

Done!

System application is starting...

id=0x19500fff,proc=0x50af5c
id=0x19510fff,proc=0x33cb5a8
id=0x19518fff,proc=0x34fa618
id=0x19700100,proc=0x50c6bc
id=0x19700fff,proc=0xdcf818
id=0x19703fff,proc=0xdc9754
id=0x1a000fff,proc=0x2035760
id=0x1cfff000,proc=0x1f8b57c
id=0x26000fff,proc=0xa9b244
id=0x27607100,proc=0x50a610
Startup configuration file does not exist.      (the router checks for a startup configuration; because the router is new, there is none on it)
It will take a long time to get configuration file, please wait...
Retrieving configuration file failed!

User interface aux0 is available.



Press ENTER to get started.
<H3C>
#Jan  1 00:01:30:330 2007 H3C SHELL/4/LOGIN:    (log messages)
 Trap 1.3.6.1.4.1.25506.2.2.1.1.3.0.1<hh3cLogIn>: login from Console
%Jan  1 00:01:30:330 2007 H3C SHELL/5/SHELL_LOGIN: Console logged in from aux0.
<H3C>
<H3C>      (user prompt)

How to configure telnet on an H3C firewall (SecPath 1000E)

#
user-interface vty 0 4
 user privilege level 3      (admin level on H3C devices, like level 15 on Cisco)
 set authentication password simple 123@123      (the password is simple text, unencrypted)
#

HP alert: new updates for IMC



HP has made an update available to resolve the vulnerabilities.
   
Location

HP Intelligent Management Center User Access Manager (UAM)
IMC_UAM_5.0_SP1_E0101P03
   
https://h10145.www1.hp.com/downloads/SoftwareReleases.aspx?ProductNumber=JF388A


HP Intelligent Management Center Endpoint Admission Defense (EAD)
IMC_EAD_5.0_SP1_E0101P03
   
https://h10145.www1.hp.com/downloads/SoftwareReleases.aspx?ProductNumber=JF391A

HISTORY

Version:1 (rev.1) - 30 June 2011 Initial release


Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.























Case #1: H3C IPS, licensing issues with the Sec Center IPS Manager

Error for IPS license issue

Issue: Licensing issues with the Sec Center IPS Manager
Product: HP A-IMC Sec Center IPS Manager Software
Product Number: JF223A

Solution:

The host information of the PC server may have changed, so the license file is invalid.


1.   From the navigation tree, select License Application under License
Management to enter the user information page, as shown in Figure 1.

2.   Type your information as required and click Apply. The following
page appears, as shown in Figure 2.

3.   Click Download to download the host information file, and save it to
a file.





About the hosts file:
http://en.wikipedia.org/wiki/Hosts_%28file%29

Monday, July 18, 2011

From Huawei to HP

This post will be slightly atypical for this blog, but I think it is rather important to sum up what happened in the last approximately three years. I’ll try to summarize some of the history behind the Huawei/H3C/3Com/HP products. The reason for this “history” lesson is that quite a lot of people are confused about what was/is/will be, and that is mostly thanks to communication from biased sales representatives and some strange articles that can be found on the Internet. So without further delay, let’s get to the history.

2003 – H3C Joint Venture

At this date Huawei, an emerging Chinese company (outside China mostly known just for its copyright war with Cisco Systems), created a joint venture with the declining US company 3Com. This enterprise had a lucky beginning: 3Com’s name was still widely known (even though the company hadn’t had a new product in ages at this point) and the $160M was a great contribution to the starting point. Huawei provided R&D, human resources and an entry point to the massive and ever hungry Chinese market. This joint venture was named H3C. There was one important glitch in the agreement though: 3Com would have the option to buy a majority in H3C after two years.

2006 – From Huawei to 3Com

After some negotiations the controlling 2% share in the company was bought by 3Com for $28M, and later the rest of the shares owned by Huawei were bought as well. That is how 3Com became the only owner of H3C. The sale of the remaining shares was approved on November 29, 2006. In an attempt to keep at least some control in the company, Huawei tried to buy a 16% share in 3Com itself. This was stopped by US authorities, as they were afraid that some strategically important data might be revealed, since 3Com equipment was used by the Pentagon.
After this attempt it became obvious that the relationship between Huawei and H3C would decline (even though Huawei was still the biggest customer of H3C, with over 50% share). That is the time when VRP stopped being VRP on H3C and became Comware, and that is also the time of the launch of the “metro” switching platform (also known as PTN in the Huawei Optix line). To be exact, the last “Huawei” VRP is VRP4.x; everything marked as VRP5.x is Comware. This is the beginning of a significant technological difference between Huawei and 3Com/H3C products (not that there were no differences before; there were, but rather minor ones in both HW and SW).

2008 – 2010 from 3Com to HP

The H3C company helped 3Com return to the high-end segment but also left the company without much-needed cash, which gradually led to talks about a buyout by somebody else (in 2009 it was sure that that “somebody” would be HP). At this point Huawei started replacing all H3C low-end and mid-end datacom devices in its portfolio and thus went back at least two years in development. The other thing that happened is that HP moved the unfortunate ProCurve line where it belonged a long time ago (via “merging the portfolios”).
Well, you might ask why I wrote this article (even though I already described the reasons at the beginning). I think it is necessary to clear out all the sales crap-talk about “continuity”, “compatibility” etc. So basically what has happened is:
Huawei has new (low-end and mid-end) datacom lines that are developed totally separately and have nothing in common with their previous equipment (even though the CLI looks similar on some devices).
HP integrated the H3C/3Com portfolios and is leaving the ProCurve line behind. Which means (at least from the looks of it) that there will be continuity of the H3C products, but there seems to be no further development of the “ProCurve” line planned.

Wednesday, July 13, 2011

OSPF lab for H3C


In this lab exercise, you will:

- Know the basic configuration of VLAN, IP address, etc.
- Know OSPF configuration
- Know telnet configuration

IP Address Design




Device        Interface            IP Address
S9500         Vlan interface 10    10.10.10.1/30
              Vlan interface 20    10.10.20.1/30
S5500-EI_1    Vlan interface 10    10.10.10.2/30
              Vlan interface 1     10.10.1.14/28
              Vlan interface 2     10.10.2.254/24
S5500-EI_2    Vlan interface 20    10.10.20.2/30
              Vlan interface 1     10.10.1.30/28
              Vlan interface 3     10.10.3.254/24
S3100-EI_1    Vlan interface 1     10.10.1.1/28
S3100-EI_2    Vlan interface 1     10.10.1.17/28




Step1:Rename the switch

<H3C>system-view
[H3C]sysname S3100-EI_1
[S3100-EI_1]

Step2:Configure VLAN 2 for PC_1

[S3100-EI_1]vlan 2
[S3100-EI_1-vlan2]    

Step3:Configure Port connected PC_1 to VLAN 2

[S3100-EI_1-vlan2]port Ethernet 1/0/1

Step4:Configure uplink port E1/0/8.                                                       

[S3100-EI_1]interface eth 1/0/8
[S3100-EI_1-Ethernet1/0/8]port link-type trunk
[S3100-EI_1-Ethernet1/0/8]port trunk permit vlan all
[S3100-EI_1-Ethernet1/0/8]description Uplink Port

Step5:Configure IP address for interface VLAN 1.                                                       

[S3100-EI_1]int vlan 1
[S3100-EI_1-Vlan-interface1]ip add 10.10.1.1 28
[S3100-EI_1-Vlan-interface1]description For management

Step6:Configure a static route for the switch

[S3100-EI_1]ip route-static 0.0.0.0 0.0.0.0 10.10.1.14

Step7:Configure telnet for this switch.

[S3100-EI_1]user-interface vty 0 4
[S3100-EI_1-ui-vty0-4]authentication-mode password
[S3100-EI_1-ui-vty0-4]set authentication password simple 3comtrain
[S3100-EI_1-ui-vty0-4]user privilege level 3

 

Step8:Save Configuration.

[S3100-EI_1]quit
<S3100-EI_1>save

 

After finishing the configuration on S3100-EI_1, perform the configuration on S3100-EI_2. Use the IP address and route for S3100-EI_2 specified in the table above.

 

Mission2:Configure basic VLAN, IP address on S5500-EI_1

Step1:login to the switch.

Connect your console cable to the console port and set the terminal software to:

   Baud rate: 9600

   Data bits:   8

   Parity:     none

   Stop bit:     1

Then hit enter.


Step2:Rename the switch

<H3C>system-view
[H3C]sysname S5500-EI_1
[S5500-EI_1]

Step3:Configure VLAN 2 for PC_1

[S5500-EI_1]vlan 2
[S5500-EI_1-vlan2]    

Step4:Configure IP address for interface VLAN 2

[S5500-EI_1-vlan2]interface vlan 2
[S5500-EI_1-Vlan-interface2]ip add 10.10.2.254 24
[S5500-EI_1-Vlan-interface2]description For connecting PC

Step5:Configure IP address for interface VLAN 1

[S5500-EI_1]interface vlan 1
[S5500-EI_1-Vlan-interface1]ip add 10.10.1.14 28
[S5500-EI_1-Vlan-interface1]description For management

Step6:Configure Port connected S3100-EI_1

[S5500-EI_1]interface g 1/0/1
[S5500-EI_1-GigabitEthernet1/0/1]port link-type trunk
[S5500-EI_1-GigabitEthernet1/0/1]port trunk permit vlan all
[S5500-EI_1-GigabitEthernet1/0/1]description To_S3100-EI_1

After this step, you should be able to ping S3100-EI_1 and PC_1 from S5500-EI_1.

Step7:Configure VLAN 10, the port belonging to it and the IP address for interface VLAN 10 to connect to S9500

[S5500-EI_1]vlan 10
[S5500-EI_1-vlan10]port g 1/0/24
[S5500-EI_1-vlan10]interface vlan 10
[S5500-EI_1-Vlan-interface10]ip add 10.10.10.2 30
[S5500-EI_1-Vlan-interface10]description To-S9500

Step8:Configure OSPF

[S5500-EI_1]router id 10.10.20.14
[S5500-EI_1]ospf 1
[S5500-EI_1-ospf-1]area 0
[S5500-EI_1-ospf-1-area-0.0.0.0]network 10.10.1.0 0.0.0.15
[S5500-EI_1-ospf-1-area-0.0.0.0]network 10.10.2.0 0.0.0.255
[S5500-EI_1-ospf-1-area-0.0.0.0]network 10.10.10.0 0.0.0.3   

Here, there are only 3 devices to run OSPF, so we can put them all into area 0. If there were a lot of devices, you would divide the devices into several areas.

Step9:Configure telnet for the switch

[S5500-EI_1]user-interface vty 0 4
[S5500-EI_1-ui-vty0-4]authentication-mode password
[S5500-EI_1-ui-vty0-4]set authentication password simple 3comtrain
[S5500-EI_1-ui-vty0-4]user privilege level 3                                                      

After this step, you can telnet to this device with the password 3comtrain.                                                                                                                      

Step10:Save Configuration.

[S5500-EI_1]quit
<S5500-EI_1>save


After finishing the configuration on S5500-EI_1, configure S5500-EI_2. Use the IP address and route for S5500-EI_2 specified in the table above.


Mission3:Configure basic VLAN, IP address on S9500.

Step1:login to the switch.

Connect your console cable to the console port and set the terminal software to:

   Baud rate: 9600

   Data bits:   8

   Parity:     none

   Stop bit:     1

Then hit enter.


Step2:Rename the switch

<H3C>system-view
[H3C]sysname S9500
[S9500]

Step3:Configure VLAN 10, the port belonging to it and IP address for interface VLAN 10 to connect to S5500-EI_1

[S9500]vlan 10
[S9500-vlan10]port g 2/1/1
[S9500-vlan10]interface vlan 10
[S9500-Vlan-interface10]ip add 10.10.10.1 30
[S9500-Vlan-interface10]description To-S5500-EI_1

Step4:Configure VLAN20, the port belonging to it and IP address for interface VLAN 20 to connect to S5500-EI_2

[S9500]vlan 20
[S9500-vlan20]port g 2/2/1
[S9500-vlan20]interface vlan 20
[S9500-Vlan-interface20]ip add 10.10.20.1 30
[S9500-Vlan-interface20]description To-S5500-EI_2

Step5:Configure OSPF

[S9500]router id 10.10.20.1
[S9500]ospf 1
[S9500-ospf-1]area 0
[S9500-ospf-1-area-0.0.0.0]network 10.10.10.0 0.0.0.3
[S9500-ospf-1-area-0.0.0.0]network 10.10.20.0 0.0.0.3   

Step6:Configure telnet for the switch

[S9500]user-interface vty 0 4
[S9500-ui-vty0-4]authentication-mode password
[S9500-ui-vty0-4]set authentication password simple 3comtrain
[S9500-ui-vty0-4]user privilege level 3                                                      

After this step, you can telnet to this device with the password 3comtrain.

Step7:Save Configuration.

[S9500]quit
<S9500>save
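
An added example, not part of the original posts: a small Python audit that flags the weak management-plane settings appearing in the configurations on this page (plaintext VTY password, Telnet not excluded on the VTY lines, level 3 reachable with a shared password, SNMPv3 group and user defined without authentication). The rule names and the SAMPLE text are constructed for illustration; the keywords it looks for (`authentication-mode scheme`, `protocol inbound ssh`, the `authentication`/`privacy` level after the SNMPv3 group name) are Comware syntax, and a VTY block with no `authentication-mode` line is assumed to be not per-user.

```python
# Added example: SAMPLE is constructed from config lines shown on this page;
# the rule names are this example's own, not H3C/HP terminology.
SAMPLE = """\
#
 snmp-agent sys-info version all
 snmp-agent group v3 ips read-view iso write-view iso
 snmp-agent usm-user v3 ips ips
#
user-interface vty 0 4
 authentication-mode password
 set authentication password simple 3comtrain
 user privilege level 3
#
"""

def audit(text):
    """Return sorted [(line_no, rule_id)]; secret values are never echoed."""
    findings, vty, state = [], None, {}
    for no, raw in enumerate(text.splitlines(), 1):
        tok = raw.lower().split()
        if not tok:
            continue                          # blank lines in pasted configs
        if tok == ["#"]:
            vty = None                        # '#' closes the current view
        if tok[0] == "user-interface":
            vty = no if tok[1:2] == ["vty"] else None
        if tok[:4] == ["set", "authentication", "password", "simple"]:
            findings.append((no, "PLAINTEXT_PASSWORD"))
        if tok[:3] == ["snmp-agent", "sys-info", "version"] and {"all", "v1", "v2c"} & set(tok[3:]):
            findings.append((no, "SNMP_V1_V2C_ENABLED"))
        if tok[:3] == ["snmp-agent", "group", "v3"]:
            # The security level, when given, directly follows the group name.
            if tok[4:5] not in (["authentication"], ["privacy"]):
                findings.append((no, "SNMPV3_GROUP_NO_AUTH"))
            if "write-view" in tok:
                findings.append((no, "SNMP_WRITE_ACCESS"))
        if tok[:3] == ["snmp-agent", "usm-user", "v3"] and "authentication-mode" not in tok:
            findings.append((no, "SNMPV3_USER_NO_AUTH"))
        if vty is not None:                   # collect now, judge after the loop
            st = state.setdefault(vty, {})
            if tok[0] == "authentication-mode":
                st["mode"] = tok[1:2]
            if tok[:2] == ["protocol", "inbound"]:
                st["proto"] = tok[2:3]
            if tok[:4] == ["user", "privilege", "level", "3"]:
                st["lvl3"] = no
    for start, st in state.items():
        if st.get("proto") != ["ssh"]:
            findings.append((start, "VTY_TELNET_NOT_EXCLUDED"))
        if "lvl3" in st and st.get("mode") != ["scheme"]:
            findings.append((st["lvl3"], "VTY_LEVEL3_WITHOUT_USER_ACCOUNTS"))
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(f"line {n}: {r}" for n, r in audit(SAMPLE)))
```

The VTY checks are evaluated after the whole block has been read, so the result does not depend on the order in which the commands were typed or are displayed.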

Optimization of FortiGate IPS

IPS signatures need to be selected according to the infrastructure environment. E.g., if we do not have Linux servers, these IPS signatures can be disabled (d...