H3C SR6600 SPE-FWM Configuration Manual Download Page 17

Page: 17 / 24

2-11

For more information about the

snmp-agent trap enable

command, see

SNMP

in the

Network

Management and Monitoring Command Reference

Displaying and Maintaining ACFP

To do…

Use the command…

Remarks

Display the configuration
information of the ACFP server

display acfp server-info

Display the configuration
information of an ACFP client

display acfp client-info

[

client-id

]

Display the configuration
information of an ACFP policy

display acfp policy-info

[

client

client-id

[

policy-index

] |

dest-interface

interface-type interface-number

in-interface

interface-type

interface-number

out-interface

interface-type interface-number

] [

active

inactive

]

Display ACFP rule configuration
information

display acfp rule-info

{

in-interface

[

interface-type interface-number

] |

out-interface

[

interface-type

interface-number

] |

policy

[

client-id

policy-index

] }

Display ACFP rule cache
configuration information

display acfp rule-cache

[

in-interface

interface-type interface-number

out-interface

interface-type

interface-number

] *

Display the configuration
information of ACFP Trap

display snmp-agent trap-list

Available in any view

ACFP Configuration Example

Network Requirements

As shown in

Figure 2-2

, different departments are interconnected on the intranet through Router

(ACFP server).

ACFP client is connected to Router to control traffic on Router and analyzes traffic on the inbound

interface GigabitEthernet 1/2. After the traffic analysis by the ACFP client, all packets with the

inbound interface being GigabitEthernet 3/0//2 and source IP address being 192.168.1.1/24 are

permitted and all packets with the inbound interface being GigabitEthernet 3/0//2 and source IP

address being 192.168.1.2/24 are denied.

Summary of Contents for SR6600 SPE-FWM

Page 1: ...H3C SR6600 Routers OAA Configuration Guide Hangzhou H3C Technologies Co Ltd http www h3c com Document Version 20100930 C 1 08 Product Version SR6600 CMW520 R2420...

Page 2: ...ware Secware Storware NQA VVG V2 G Vn G PSPT XGbus N Bus TiGem InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co Ltd All other trademarks that may be mentioned in this manual are th...

Page 3: ...R6600 Conventions This section describes the conventions used in this documentation set Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter li...

Page 4: ...as a router switch or firewall Represents a routing capable device such as a router or Layer 3 switch Represents a generic switch such as a Layer 2 or Layer 3 switch or a router that supports Layer 2...

Page 5: ...upgrading Obtaining Documentation You can access the most up to date H3C product documentation on the World Wide Web at http www h3c com Click the links on the top navigation bar to obtain different c...

Page 6: ...ration 2 5 ACFP Management 2 5 ACFP Information Overview 2 6 Using ACFP 2 9 ACFP Configuration Task List 2 9 Enabling the ACFP Server 2 9 Configuring ACFP Client 2 10 Enabling the ACFP Trap Function 2...

Page 7: ...evice it interacts with the device on data status information and control information through its internal service interfaces Logging In to the Operating System of an OAP Card Logging In Through the C...

Page 8: ...ou can log in to the operating system of an OAP card through its internal Ethernet interface To configure the OAP card as the SSH server follow these steps 1 Log in to the OAP card through the console...

Page 9: ...ntals Configuration Guide Resetting the System of an OAP Card If the operating system works abnormally or is under other anomalies you can reset the system of an OAP card with the following command wh...

Page 10: ...r manufacturers to be plugged or connected to these legacy networking devices for cooperating to handle these services This gives full play to the advantages of respective manufacturers for better sup...

Page 11: ...nt which can then execute the instructions received because it supports SNMP agent In this process the cooperating MIB is the key to associating the two components with each other ACFP Management ACFP...

Page 12: ...FP server information contains the following z Supported working modes host pass through mirroring and redirect An ACFP server can support multiple working modes among these four at the same time The...

Page 13: ...ent After the interface connected to the ACFP client is specified in the policy sent the ACFP server assigns it a global serial number that is the Context ID with each Context ID corresponding to an A...

Page 14: ...to not equal to greater than less than greater than and less than The following ending source port number takes effect only when the type is greater than and less than The source port number of the p...

Page 15: ...ce processing such as non Layer 2 QoS processing and non QoS service processing z With ACFP a stream cannot be mirrored or redirected to multiple ACFP clients z ACFP cannot process outbound packets z...

Page 16: ...t ACFP client had no response warnings ACFP server does not support the working mode of the ACFP client errors Expiration period of ACFP collaboration policy changed notifications ACFP collaboration r...

Page 17: ...ce number out interface interface type interface number policy client id policy index Display ACFP rule cache configuration information display acfp rule cache in interface interface type interface nu...

Page 18: ...olicyInIfIndex the policy destination interface is GigabitEthernet 3 0 3 by setting the node h3cAcfpPolicyDestIfIndex and the other parameters adopt the default values Configure the ACFP rule Configur...

Page 19: ...node h3cAcfpRuleAction the packets whose source IP address is 192 168 1 2 are matched by setting the node h3cAcfpRuleSrcMAC the wildcard mask of the source IP address mask is 0 0 0 255 by setting the...

Page 20: ...ule In this way it is a function supported by the OAP module Hardware and configurations needed in the two implementations are different This chapter will introduce them respectively z ACFP is designe...

Page 21: ...on requests with the multicast MAC address being 010F E200 0021 You cannot set this timer z The monitoring timer is used to periodically trigger the ACSEI client to send monitoring requests to the ACS...

Page 22: ...iguring the Monitoring Timer Follow theses steps to configure the monitoring timer To do Use the command Remarks Enter system view system view Enable the ACSEI server function acsei server enable Requ...

Page 23: ...ACSEI server view acsei server Restart the specified ACSEI client acsei client reboot client id Required Displaying and Maintaining ACSEI Server To do Use the command Remarks Display ACSEI client summ...

Page 24: ...FP Client 2 10 D Displaying and Maintaining ACFP 2 11 E Enabling the ACFP Server2 9 Enabling the ACFP Trap Function 2 10 F G H I Introduction to ACFP 2 4 Introduction to ACSEI3 14 J K L Logging In to...

Search results

Summary of Contents for SR6600 SPE-FWM

Reviews:

Related manuals for SR6600 SPE-FWM

Brands by name

Popular brands

H3C SR6600 SPE-FWM, Configuration Manual

Search results

Summary of Contents for SR6600 SPE-FWM

Reviews:

Related manuals for SR6600 SPE-FWM

Brands by name

Popular brands