background image

 

2-8 

z

 

Monitoring rules: that is, to monitor, analyze, and process the packets to be sent to the ACFP client. 

The action types corresponding to monitoring rules are 

redirect

 and 

mirror

z

 

Filtering rules: that is, to determine which packets to deny and which packets to permit. The action 

types corresponding to filtering rules are 

deny

 and 

permit

z

 

Restricting rules: that is, to determine the rate of which packets is to be restricted. The action type 

corresponding to restricting rules is 

rate

Rule information is described as follows: 

z

 

ClientID: ACFP client identifier. 

z

 

Policy index 

z

 

Rule index: rule identifier 

z

 

Status: It indicates whether the rule is applied successfully. 

z

 

Action: It can be mirror, redirect, deny, permit, or rate. 

z

 

Match all packets: It indicates whether to match all the packets. If yes, the following matching 

needs not be performed. 

z

 

Source MAC address 

z

 

Destination MAC address 

z

 

Starting VLAN ID 

z

 

Ending VLAN ID 

z

 

Protocol number in IP 

z

 

Source IP address 

z

 

Wildcard mask of source IP address 

z

 

Source port operator: Its type can be 

equal to

not equal to

greater than

less than

greater 

than and less than

. The following ending source port number takes effect only when the type is 

greater than and less than

. The source port number of the packets matched by the identifier 

must be greater than the starting source port number and less than the ending source port number. 

z

 

Starting source port number 

z

 

Ending source port number 

z

 

Destination IP address 

z

 

Wildcard mask of destination IP address 

z

 

Destination port number operator: Its type can be 

equal to

not equal to

greater than

less than

greater than and less than

. The following ending destination port number is meaning only when 

the type is 

greater than and less than

. The destination port number of the packets matched by 

the identifier must be greater than the starting destination port number and less than the ending 

destination port number. 

z

 

Starting destination port number 

z

 

Ending destination port number 

z

 

Pro: Protocol type, which can be GRE, ICMP, IGMP, OSPF, TCP, UDP, and IP. 

z

 

IP precedence: Packet precedence, a number in the range of 0 to 7. 

z

 

IP ToS: Type of Service (ToS) of IP 

z

 

IP DSCP: Differentiated Services Code Point (DSCP) of IP 

z

 

TCP flag: It indicates that some bits in the six flag bits (URG, ACK, PSH, RST, SYN, FIN) are 

concerned. 

Содержание SR6600 SPE-FWM

Страница 1: ...H3C SR6600 Routers OAA Configuration Guide Hangzhou H3C Technologies Co Ltd http www h3c com Document Version 20100930 C 1 08 Product Version SR6600 CMW520 R2420...

Страница 2: ...ware Secware Storware NQA VVG V2 G Vn G PSPT XGbus N Bus TiGem InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co Ltd All other trademarks that may be mentioned in this manual are th...

Страница 3: ...R6600 Conventions This section describes the conventions used in this documentation set Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter li...

Страница 4: ...as a router switch or firewall Represents a routing capable device such as a router or Layer 3 switch Represents a generic switch such as a Layer 2 or Layer 3 switch or a router that supports Layer 2...

Страница 5: ...upgrading Obtaining Documentation You can access the most up to date H3C product documentation on the World Wide Web at http www h3c com Click the links on the top navigation bar to obtain different c...

Страница 6: ...ration 2 5 ACFP Management 2 5 ACFP Information Overview 2 6 Using ACFP 2 9 ACFP Configuration Task List 2 9 Enabling the ACFP Server 2 9 Configuring ACFP Client 2 10 Enabling the ACFP Trap Function 2...

Страница 7: ...evice it interacts with the device on data status information and control information through its internal service interfaces Logging In to the Operating System of an OAP Card Logging In Through the C...

Страница 8: ...ou can log in to the operating system of an OAP card through its internal Ethernet interface To configure the OAP card as the SSH server follow these steps 1 Log in to the OAP card through the console...

Страница 9: ...ntals Configuration Guide Resetting the System of an OAP Card If the operating system works abnormally or is under other anomalies you can reset the system of an OAP card with the following command wh...

Страница 10: ...r manufacturers to be plugged or connected to these legacy networking devices for cooperating to handle these services This gives full play to the advantages of respective manufacturers for better sup...

Страница 11: ...nt which can then execute the instructions received because it supports SNMP agent In this process the cooperating MIB is the key to associating the two components with each other ACFP Management ACFP...

Страница 12: ...FP server information contains the following z Supported working modes host pass through mirroring and redirect An ACFP server can support multiple working modes among these four at the same time The...

Страница 13: ...ent After the interface connected to the ACFP client is specified in the policy sent the ACFP server assigns it a global serial number that is the Context ID with each Context ID corresponding to an A...

Страница 14: ...to not equal to greater than less than greater than and less than The following ending source port number takes effect only when the type is greater than and less than The source port number of the p...

Страница 15: ...ce processing such as non Layer 2 QoS processing and non QoS service processing z With ACFP a stream cannot be mirrored or redirected to multiple ACFP clients z ACFP cannot process outbound packets z...

Страница 16: ...t ACFP client had no response warnings ACFP server does not support the working mode of the ACFP client errors Expiration period of ACFP collaboration policy changed notifications ACFP collaboration r...

Страница 17: ...ce number out interface interface type interface number policy client id policy index Display ACFP rule cache configuration information display acfp rule cache in interface interface type interface nu...

Страница 18: ...olicyInIfIndex the policy destination interface is GigabitEthernet 3 0 3 by setting the node h3cAcfpPolicyDestIfIndex and the other parameters adopt the default values Configure the ACFP rule Configur...

Страница 19: ...node h3cAcfpRuleAction the packets whose source IP address is 192 168 1 2 are matched by setting the node h3cAcfpRuleSrcMAC the wildcard mask of the source IP address mask is 0 0 0 255 by setting the...

Страница 20: ...ule In this way it is a function supported by the OAP module Hardware and configurations needed in the two implementations are different This chapter will introduce them respectively z ACFP is designe...

Страница 21: ...on requests with the multicast MAC address being 010F E200 0021 You cannot set this timer z The monitoring timer is used to periodically trigger the ACSEI client to send monitoring requests to the ACS...

Страница 22: ...iguring the Monitoring Timer Follow theses steps to configure the monitoring timer To do Use the command Remarks Enter system view system view Enable the ACSEI server function acsei server enable Requ...

Страница 23: ...ACSEI server view acsei server Restart the specified ACSEI client acsei client reboot client id Required Displaying and Maintaining ACSEI Server To do Use the command Remarks Display ACSEI client summ...

Страница 24: ...FP Client 2 10 D Displaying and Maintaining ACFP 2 11 E Enabling the ACFP Server2 9 Enabling the ACFP Trap Function 2 10 F G H I Introduction to ACFP 2 4 Introduction to ACSEI3 14 J K L Logging In to...

Отзывы: