13-OAA Command Reference

HomeSupportResource CenterRoutersH3C SR8800 Series RoutersH3C SR8800Technical DocumentsCommandCommand ReferenceH3C SR8800 Command Reference-Release3347-6W10313-OAA Command Reference
Table of Contents
Related Documents
03-ACFP Commands
Title Size Download
03-ACFP Commands 107.86 KB

acfp server enable

Syntax

acfp server enable

undo acfp server enable

View

System view

Default level

2: System level

Parameters

None

Description

Use the acfp server enable command to enable the ACFP server.

Use the undo acfp server enable command to disable the ACFP server.

By default, the ACFP server is disabled.

In case that the ACSEI server is enabled on the router, when you first disable and then enable the ACFP server, to make sure that the ACFP collaboration rules can be resent to the ACFP server, you must also disable and then enable the ACSEI server.

Related commands: acsei server enable.

Examples

# Enable the ACFP server.

<Sysname> system-view

[Sysname] acfp server enable

display acfp client-info

Syntax

display acfp client-info [ client-id ] [ | { begin | exclude | include } regular-expression ]

View

Any view

Default level

1: Monitor level

Parameters

client-id: Displays information of the specified ACFP client, where client-id is the ACFP client identifier, in the range of 1 to 2147483647.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Description

Use the display acfp client-info command to display the information about the specified ACFP client(s).

If no ACFP client ID is specified, the information about all the ACFP clients is displayed.

Examples

# Display the information about all the ACFP clients.

<Sysname> display acfp client-info

ACFP client total number: 1

ClientID:    2

Description: Intrusion Prevention System

Hw-Info:       2.0

OS-Info:     i-Ware software, Version 1.10

App-Info:    Ess 2110P01

Client IP:   40.93.1.2

Client Mode: redirect  mirror

Table 1 Output description

Field

Description

ACFP client total number

Total number of ACFP clients.

ClientID

Client ID, index of client list.

Description

Description of the ACFP client.

Hw-Info

Hardware information of the ACFP client.

OS-Info

Operating system information of the ACFP client.

App-Info

Application software information of the ACFP client.

Client IP

IP address of the ACFP client.

Client Mode

Working mode supported on the client:

·       ipserverhost mode.

·       redirectredirect mode.

·       mirrormirror mode.

·       passthroughpass-through mode.

 

display acfp policy-info

Syntax

display acfp policy-info [ client client-id [ policy-index ] | dest-interface  interface-type interface-number | global | in-interface interface-type interface-number | out-interface interface-type interface-number ] [ active | inactive ] [ | { begin | exclude | include } regular-expression ]

View

Any view

Default level

1: Monitor level

Parameters

client client-id: Displays the policy sent by the specified ACFP client, where client-id is the ACFP client ID, in the range of 1 to 2147483647.

policy-index: Policy index, in the range of 1 to 2147483647.

dest-interface interface-type interface-number: Displays all the policies that use the specified interface (destination interface) for connecting to the ACFP client, where interface-type interface-number is the interface type and interface number.

in-interface interface-type interface-number: Displays all the policies that use the specified interface as the inbound interface, where interface-type interface-number is the interface type and interface number..

active: Displays active policies only.

inactive: Displays inactive policies only.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

 

 

NOTE:

The global and out-interface keywords are not available.

 

Description

Use the display acfp policy-info command to display the ACFP policy information.

When you use this command to display the policy information sent by the specified ACFP client, if you specify the policy-index argument, the command displays the information about the policy whose number is policy-index applied by the ACFP client with an ID of client-id. Otherwise, the command displays the information about all the policies sent by the ACFP client with an ID of client-id.

If neither the active nor inactive keyword is specified, the command displays all the active or inactive policies.

If no argument is specified, the command displays the information about all the policies.

Examples

# Display the information about the policies for all the packets that use Ten-Ethernet 0/0/3 as the inbound interface.

<Sysname> display acfp policy-info in-interface Ten-GigabitEthernet 0/0/3

ACFP policy total number: 1

ClientID:        3                   Policy-Index:  2

Rule-Num:        1                   ContextID:     128

Exist-Time:      61500     (s)       Life-Time:     2147483647(s)

Start-Time:      00:00:00            End-Time:      24:00:00

Admin-Status:    enable              Effect-Status: active

DstIfFailAction: delete              Priority:      1

In-Interface:    Ten-GigabitEthernet0/0/3

Out-Interface:

Dest-Interface:  Ten-GigabitEthernet7/0/1

Table 2 Output description

Field

Description

ACFP policy total number

Total number of ACFP policies.

ClientID

Client ID, index of client list.

Policy-Index

Policy index.

Rule-Num

Number of rules under the policy.

ContextID

Context ID.

Exist-Time

For how long the policy existed, in seconds.

Life-Time

Policy expiration time, in seconds.

Start-Time

Policy start time.

End-Time

Policy end time.

Admin-Status

Policy administration status.

Effect-Status

Whether the policy is effective.

DstIfFailAction

If the policy dest-interface is down, the actions to all rules under the policy will be as follows:

·       deleteKeep the redirected and mirrored packets being forwarded (for forwarding first routers, select the delete action).

·       reserveDiscard the redirected and mirrored packets (for security first routers, select the reserve action).

Priority

Priority of a policy, number notation, in the range of 1 to 8 (the bigger the number, the higher the priority).

In-Interface

Inbound interface of the packet.

Out-Interface

Outbound interface of the packet.

Dest-Interface

Interface connected to the ACFP client.

 

display acfp rule-info

Syntax

display acfp rule-info { global | in-interface [ interface-type interface-number ] | out-interface [ interface-type interface-number ] | policy [ client-id policy-index ] } [ | { begin | exclude | include } regular-expression ]

View

Any view

Default level

1: Monitor level

Parameters

in-interface: Displays ACFP rule information in order of inbound interface. The ACFP rule information which does not include the inbound interface is not displayed.

interface-type interface-number: Specifies an interface by its type and number.

policy: Displays the ACFP rule information in order of policy.

client-id: ACFP client ID, in the range of 1 to 2147483647.

policy-index: Policy index, in the range of 1 to 2147483647.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

 

 

NOTE:

The global and out-interface keywords are not available.

 

Description

Use the display acfp rule-info command to display ACFP rule information.

When you use this command to display ACFP rule information in order of policy, if you specify neither client ID nor policy index, the rule information of all the policies is displayed.

When you use this command to display ACFP rule information in order of outbound/inbound interface, if you specify no interface, the rule information for all the inbound interfaces or outbound interfaces is displayed.

Examples

# Display ACFP rule information in order of inbound interface.

<Sysname> display acfp rule-info in-interface Ten-GigabitEthernet 0/0/3

In-Interface:   Ten-GigabitEthernet0/0/3

ACFP rule total number:  2

ClientID:2              Policy-Index:2           Rule-Index:1

SIP:20.1.1.0            SWildcard:0.0.0.255

Action:redirect         Status:active            OperationStatus:succeeded

ClientID:3              Policy-Index:2           Rule-Index:1

SIP:20.1.1.0            SWildcard:0.0.0.255

Action:redirect         Status:active            OperationStatus:succeeded

# Display ACFP rule information in order of policy.

<Sysname> display acfp rule-info policy 2 1

ACFP rule total number:  1

ClientID:2              Policy-Index:1           Rule-Index:4

SIP:10.1.1.0            SWildcard:0.0.0.255

DIP:20.1.1.0            DWildcard:0.0.0.255

Protocol:ipinip

Action:redirect         Status:active            OperationStatus:succeeded

Table 3 Output description

Field

Description

In-Interface

Inbound interface of the packet.

ACFP rule total number

Total number of ACFP rules.

ClientID

Client ID, index of client list.

Policy-Index

Policy index.

Rule-Index

Rule index.

SMAC

Source MAC address.

DMAC

Destination MAC address.

StartVLAN

Start VLAN of the source VLAN.

EndVLAN

End VLAN of the source VLAN.

PackRate

Value of the restricted rate of packets, in kbps.

SIP

Source IP address.

SWildcard

Inverse mask of source IP address.

SPort

Source port number.

DIP

Destination IP address.

DWildcard

Inverse mask of destination IP address.

DPort

Destination port number.

Protocol

Protocol of the packet: GRE, ICMP, IGMP, IPinIP, OSPF, TCP, UDP, IP, and so on.

Fragment

Whether the packet is a fragment:

·       trueIndicates the packet is a fragment.

·       falseIndicates all the packets, not concerned about whether the packet is a fragment or not.

ToS

Type of Service, indicated by a number in the range of 0 to 15.

Pre

Packet precedence, indicated by a number in the range of 0 to 7.

DSCP

Differentiated Services Code Point, indicated by characters for Be, Ef, Af11, Af12, Af13, Af21, Af22, Af23, Af31, Af32, Af33, Af41, Af42, Af43, Cs1, Cs2, Cs3, Cs4, Cs5, Cs6, and Cs7 and indicated by a number in the range 0 to 63 for other code points.

TCPFlag

The value is six bits, which represents URG, ACK, PSH, RST, SYN, and FIN respectively from low to high.

TCPMask

The value is six bits, which represents URG mask, ACK mask, PSH mask, RST mask, SYN mask, and FIN mask respectively from low to high.

For each bit, the value 1 indicates that this bit is concerned, and the value 0 indicates that this bit is not concerned.

Action

Action:

·       permit

·       deny

·       mirror

·       redirect

·       raterate limit.

Status

Rule status, active or inactive.

OperationStatus

Rule application status, succeeded or failed.

 

display acfp server-info

Syntax

display acfp server-info [ | { begin | exclude | include } regular-expression ]

View

Any view

Default level

1: Monitor level

Parameters

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Description

Use the display acfp server-info command to display ACFP server information.

Examples

 # Display ACFP server information.

<Sysname> display acfp server-info

Server-Info:     ipserver redirect mirror

Max Life-Time:   2147483647(s)

PersistentRules: false

ContextType:     HGPlus-context

Table 4 Output description

Field

Description

Server-Info

ACFP client working mode supported by the ACFP server:

·       ipserverhost mode.

·       redirectredirect mode.

·       mirrormirror mode.

·       passthroughpass-through mode.

Max Life-Time

Maximum expiration time (in seconds) of the collaboration policy supported by the ACFP server.

PersistentRules

Whether the ACFP server supports permanent collaboration rules.