2-8
z
Monitoring rules: that is, to monitor, analyze, and process the packets to be sent to the ACFP client.
The action types corresponding to monitoring rules are
redirect
and
mirror
.
z
Filtering rules: that is, to determine which packets to deny and which packets to permit. The action
types corresponding to filtering rules are
deny
and
permit
.
z
Restricting rules: that is, to determine the rate of which packets is to be restricted. The action type
corresponding to restricting rules is
rate
.
Rule information is described as follows:
z
ClientID: ACFP client identifier.
z
Policy index
z
Rule index: rule identifier
z
Status: It indicates whether the rule is applied successfully.
z
Action: It can be mirror, redirect, deny, permit, or rate.
z
Match all packets: It indicates whether to match all the packets. If yes, the following matching
needs not be performed.
z
Source MAC address
z
Destination MAC address
z
Starting VLAN ID
z
Ending VLAN ID
z
Protocol number in IP
z
Source IP address
z
Wildcard mask of source IP address
z
Source port operator: Its type can be
equal to
,
not equal to
,
greater than
,
less than
,
greater
than and less than
. The following ending source port number takes effect only when the type is
greater than and less than
. The source port number of the packets matched by the identifier
must be greater than the starting source port number and less than the ending source port number.
z
Starting source port number
z
Ending source port number
z
Destination IP address
z
Wildcard mask of destination IP address
z
Destination port number operator: Its type can be
equal to
,
not equal to
,
greater than
,
less than
,
greater than and less than
. The following ending destination port number is meaning only when
the type is
greater than and less than
. The destination port number of the packets matched by
the identifier must be greater than the starting destination port number and less than the ending
destination port number.
z
Starting destination port number
z
Ending destination port number
z
Pro: Protocol type, which can be GRE, ICMP, IGMP, OSPF, TCP, UDP, and IP.
z
IP precedence: Packet precedence, a number in the range of 0 to 7.
z
IP ToS: Type of Service (ToS) of IP
z
IP DSCP: Differentiated Services Code Point (DSCP) of IP
z
TCP flag: It indicates that some bits in the six flag bits (URG, ACK, PSH, RST, SYN, FIN) are
concerned.