Configuring zones of the CX210


Zone configuration is required only when a network requires device isolation for security purposes. In this way, access permissions for different devices that are connected to the same switch are configured.
For details, see "Configuring the CX210" in the CX210 Switch Module V100R001C10 User Guide.
Adjusting OceanStor 9000's zones and zone attributes
Procedure for adjusting OceanStor 9000's zones and zone attributes: 1. Log in to DeviceManager. 2. Check licenses in the storage system. Load balancing provided by the InfoEqualizer feature is a value-added feature, so you must ensure that each license file in the storage system includes information about InfoEqualizer. Choose Settings > License Management > Active License and check whether the activated licenses contain information about InfoEqualizer. If information about InfoEqualizer is not contained, follow the displayed instructions to import and activate the required license. 3. Create a zone. OceanStor 9000 has a default zone root. Administrators can create more zones based on service requirements. The owning subnet of a zone can be configured using the subnet CONFIGURE item in zone CONFIGURE. a. Choose Settings > Cluster Settings > InfoEqualizer > Zone Management. b. Click Create. In the Create Zone dialog box, enter the required information and click OK. 4. Migrate nodes. After zones are created, nodes can be migrated from the root zone to other newly created zones. a. In the zone list, select a newly created zone. b. Click Add above the node list. c. In the Add Node dialog box that is displayed, select nodes that you want to migrate to the zone and click OK. Note: The Add Node dialog box displays nodes in the root zone.

Whether a security policy shall be configured between the zone where the heartbeat interface resides and Local zone
If remote is not set when heartbeat interfaces are configured, the heartbeat packets are encapsulated into VRRP packets, and the device that has no security policy can properly process the heartbeat packets. If remote is set when heartbeat interfaces are configured, the heartbeat packets are encapsulated into UDP packets, and a correct security policy needs to be configured for the interzone between the Local zone and the security zone where the heartbeat interfaces reside, which enables the device to properly send and receive the heartbeat packets.

Configure the system time zone for a CE series switch
Run the clock timezone time-zone-name { add | minus } offset command in the user view or system view to configure the local time zone for a switch. By default, the time zone is not configured and a switch uses the default value Time Zone(DefaultZoneName): UTC. For example, if a switch is located in Beijing, China, set the local time zone name to BJ and the time zone to UTC+8. clock timezone BJ add 08:00:00

Assigning a VLANIF interface to a security zone
Perform as follows to assign a VLANIF interface to a security zone on the USG: [FW] vlan 10 [FW-vlan-10] quit [FW] interface Vlanif 10 [FW-Vlanif10] quit [FW] interface GigabitEthernet 0/0/1 [FW-GigabitEthernet0/0/1] portswitch [FW-GigabitEthernet0/0/1] port link-type trunk [FW-GigabitEthernet0/0/1] port trunk permit vlan 10 [FW-GigabitEthernet0/0/1] quit [FW] firewall zone name trust1 [FW-zone-trust1] set priority 10 [FW-zone-trust1] add interface Vlanif 10 [FW-zone-trust1] quit

