How to configure single independent SC for crossing between private and public network

Publication Date:  2014-10-31 Views:  137 Downloads:  0
Issue Description
The topology as below, The single independent SC been put into the DMZ area, how to configure after its hardware installed.

First  check the version match of SMC and SC ,you can find the match map in release note
 - HUAWEI SMC2.0 V100R003C00 Windows 2008 Server R2 SP1 SQL Server Express
 - HUAWEI SwitchCenter V100R005C00 EulerLinux PostgreSQL 9.3.1 JRE:Java Runtime Enviroment 1.7.0_45
NOTES :the version of  SC should found in the R005 path , not in R003 path  

As shown in this network diagram, the SC needs 2 IPs to be configured (If these two IP both are DMZ IP, they have to be in different VLAN
 - One is inner network IP, that links to SMC2.0 and let the inner terminals register.
 - One is DMZ IP which will be mapped to a static public IP (NAT) to connect outside terminals.

Using SSH to log in SC, The default  user/pwd is admin/Change_Me;
1. ConfigSC’s two IPs
  <SC>system-view sys-c  network-config lan2 ipv4 address X.X.X.X netmask X.X.X.X gateway  X.X.X.X
  <SC>system-view sys-c  network-config lan1 ipv4 address X.X.X.X netmask X.X.X.X gateway  X.X.X.X
2. Add lan 1 (inner ip) to static-route  
  <SC>system-view static-route add dest-address 172.16.X.X  mask-or-prefix  network-port lan1
   NOTE: this static -route means when SC want connect a device of ip like 172.16.X.X, it will use this lan 1 port
3. Config the lan 2(DMZ ip ) as default-route (all the ip can’t find will use this ip to connect)
   <SC>system-view sys-config network-config default-route lan2
4. Set the NAT of Lan2
   <SC>system-view sys-config network-config lan1 ipv4-nat enable address NAT ip
5. Reboot-host to make all these setting is effect

after reboot , you can add SC's IP to manage ip or service ip
  1. <SC> display manage-ip     ------- check the manage IP   ,manage ip is use to connect SMC2.0 ,in this  case ,you need add inner ip to manage ip
  <SC> system-view sys-config security-config manage-ip add ip  --- use this command to add manage ip
 2.  <SC> display service-ip            ------- check the service IP ,service ip is the ip terminal can register to ,in this case ,both inner and dm zip should add
  <SC> system-view sys-config security-config service-ip add ip    ---- use this command to add service ip
  (you need connect the two lan port , or these command can’t show the right ip)
use command : Reboot     restart SC’s service  to make the setting effect

then you can start add sc on smc2.0 and register terminal to this SC, the steps are  just like   old R002 version, so I don't describe here