- Table of Contents
- Related Documents
-
Title | Size | Download |
---|---|---|
03-ACFP Commands | 107.86 KB |
acfp server enable
Syntax
acfp server enable
undo acfp server enable
View
System view
Default level
2: System level
Parameters
None
Description
Use the acfp server enable command to enable the ACFP server.
Use the undo acfp server enable command to disable the ACFP server.
By default, the ACFP server is disabled.
In case that the ACSEI server is enabled on the router, when you first disable and then enable the ACFP server, to make sure that the ACFP collaboration rules can be resent to the ACFP server, you must also disable and then enable the ACSEI server.
Related commands: acsei server enable.
Examples
# Enable the ACFP server.
<Sysname> system-view
[Sysname] acfp server enable
display acfp client-info
Syntax
display acfp client-info [ client-id ] [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
client-id: Displays information of the specified ACFP client, where client-id is the ACFP client identifier, in the range of 1 to 2147483647.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Description
Use the display acfp client-info command to display the information about the specified ACFP client(s).
If no ACFP client ID is specified, the information about all the ACFP clients is displayed.
Examples
# Display the information about all the ACFP clients.
<Sysname> display acfp client-info
ACFP client total number: 1
ClientID: 2
Description: Intrusion Prevention System
Hw-Info: 2.0
OS-Info: i-Ware software, Version 1.10
App-Info: Ess 2110P01
Client IP: 40.93.1.2
Client Mode: redirect mirror
Table 1 Output description
Field |
Description |
ACFP client total number |
Total number of ACFP clients. |
ClientID |
Client ID, index of client list. |
Description |
Description of the ACFP client. |
Hw-Info |
Hardware information of the ACFP client. |
OS-Info |
Operating system information of the ACFP client. |
App-Info |
Application software information of the ACFP client. |
Client IP |
IP address of the ACFP client. |
Client Mode |
Working mode supported on the client: · ipserver—host mode. · redirect—redirect mode. · mirror—mirror mode. · passthrough—pass-through mode. |
display acfp policy-info
Syntax
display acfp policy-info [ client client-id [ policy-index ] | dest-interface interface-type interface-number | global | in-interface interface-type interface-number | out-interface interface-type interface-number ] [ active | inactive ] [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
client client-id: Displays the policy sent by the specified ACFP client, where client-id is the ACFP client ID, in the range of 1 to 2147483647.
policy-index: Policy index, in the range of 1 to 2147483647.
dest-interface interface-type interface-number: Displays all the policies that use the specified interface (destination interface) for connecting to the ACFP client, where interface-type interface-number is the interface type and interface number.
in-interface interface-type interface-number: Displays all the policies that use the specified interface as the inbound interface, where interface-type interface-number is the interface type and interface number..
active: Displays active policies only.
inactive: Displays inactive policies only.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
|
NOTE: The global and out-interface keywords are not available. |
Description
Use the display acfp policy-info command to display the ACFP policy information.
When you use this command to display the policy information sent by the specified ACFP client, if you specify the policy-index argument, the command displays the information about the policy whose number is policy-index applied by the ACFP client with an ID of client-id. Otherwise, the command displays the information about all the policies sent by the ACFP client with an ID of client-id.
If neither the active nor inactive keyword is specified, the command displays all the active or inactive policies.
If no argument is specified, the command displays the information about all the policies.
Examples
# Display the information about the policies for all the packets that use Ten-Ethernet 0/0/3 as the inbound interface.
<Sysname> display acfp policy-info in-interface Ten-GigabitEthernet 0/0/3
ACFP policy total number: 1
ClientID: 3 Policy-Index: 2
Rule-Num: 1 ContextID: 128
Exist-Time: 61500 (s) Life-Time: 2147483647(s)
Start-Time: 00:00:00 End-Time: 24:00:00
Admin-Status: enable Effect-Status: active
DstIfFailAction: delete Priority: 1
In-Interface: Ten-GigabitEthernet0/0/3
Out-Interface:
Dest-Interface: Ten-GigabitEthernet7/0/1
Table 2 Output description
Field |
Description |
ACFP policy total number |
Total number of ACFP policies. |
ClientID |
Client ID, index of client list. |
Policy-Index |
Policy index. |
Rule-Num |
Number of rules under the policy. |
ContextID |
Context ID. |
Exist-Time |
For how long the policy existed, in seconds. |
Life-Time |
Policy expiration time, in seconds. |
Start-Time |
Policy start time. |
End-Time |
Policy end time. |
Admin-Status |
Policy administration status. |
Effect-Status |
Whether the policy is effective. |
DstIfFailAction |
If the policy dest-interface is down, the actions to all rules under the policy will be as follows: · delete—Keep the redirected and mirrored packets being forwarded (for forwarding first routers, select the delete action). · reserve—Discard the redirected and mirrored packets (for security first routers, select the reserve action). |
Priority |
Priority of a policy, number notation, in the range of 1 to 8 (the bigger the number, the higher the priority). |
In-Interface |
Inbound interface of the packet. |
Out-Interface |
Outbound interface of the packet. |
Dest-Interface |
Interface connected to the ACFP client. |
display acfp rule-info
Syntax
display acfp rule-info { global | in-interface [ interface-type interface-number ] | out-interface [ interface-type interface-number ] | policy [ client-id policy-index ] } [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
in-interface: Displays ACFP rule information in order of inbound interface. The ACFP rule information which does not include the inbound interface is not displayed.
interface-type interface-number: Specifies an interface by its type and number.
policy: Displays the ACFP rule information in order of policy.
client-id: ACFP client ID, in the range of 1 to 2147483647.
policy-index: Policy index, in the range of 1 to 2147483647.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
|
NOTE: The global and out-interface keywords are not available. |
Description
Use the display acfp rule-info command to display ACFP rule information.
When you use this command to display ACFP rule information in order of policy, if you specify neither client ID nor policy index, the rule information of all the policies is displayed.
When you use this command to display ACFP rule information in order of outbound/inbound interface, if you specify no interface, the rule information for all the inbound interfaces or outbound interfaces is displayed.
Examples
# Display ACFP rule information in order of inbound interface.
<Sysname> display acfp rule-info in-interface Ten-GigabitEthernet 0/0/3
In-Interface: Ten-GigabitEthernet0/0/3
ACFP rule total number: 2
ClientID:2 Policy-Index:2 Rule-Index:1
SIP:20.1.1.0 SWildcard:0.0.0.255
Action:redirect Status:active OperationStatus:succeeded
ClientID:3 Policy-Index:2 Rule-Index:1
SIP:20.1.1.0 SWildcard:0.0.0.255
Action:redirect Status:active OperationStatus:succeeded
# Display ACFP rule information in order of policy.
<Sysname> display acfp rule-info policy 2 1
ACFP rule total number: 1
ClientID:2 Policy-Index:1 Rule-Index:4
SIP:10.1.1.0 SWildcard:0.0.0.255
DIP:20.1.1.0 DWildcard:0.0.0.255
Protocol:ipinip
Action:redirect Status:active OperationStatus:succeeded
Table 3 Output description
Field |
Description |
In-Interface |
Inbound interface of the packet. |
ACFP rule total number |
Total number of ACFP rules. |
ClientID |
Client ID, index of client list. |
Policy-Index |
Policy index. |
Rule-Index |
Rule index. |
SMAC |
Source MAC address. |
DMAC |
Destination MAC address. |
StartVLAN |
Start VLAN of the source VLAN. |
EndVLAN |
End VLAN of the source VLAN. |
PackRate |
Value of the restricted rate of packets, in kbps. |
SIP |
Source IP address. |
SWildcard |
Inverse mask of source IP address. |
SPort |
Source port number. |
DIP |
Destination IP address. |
DWildcard |
Inverse mask of destination IP address. |
DPort |
Destination port number. |
Protocol |
Protocol of the packet: GRE, ICMP, IGMP, IPinIP, OSPF, TCP, UDP, IP, and so on. |
Fragment |
Whether the packet is a fragment: · true—Indicates the packet is a fragment. · false—Indicates all the packets, not concerned about whether the packet is a fragment or not. |
ToS |
Type of Service, indicated by a number in the range of 0 to 15. |
Pre |
Packet precedence, indicated by a number in the range of 0 to 7. |
DSCP |
Differentiated Services Code Point, indicated by characters for Be, Ef, Af11, Af12, Af13, Af21, Af22, Af23, Af31, Af32, Af33, Af41, Af42, Af43, Cs1, Cs2, Cs3, Cs4, Cs5, Cs6, and Cs7 and indicated by a number in the range 0 to 63 for other code points. |
TCPFlag |
The value is six bits, which represents URG, ACK, PSH, RST, SYN, and FIN respectively from low to high. |
TCPMask |
The value is six bits, which represents URG mask, ACK mask, PSH mask, RST mask, SYN mask, and FIN mask respectively from low to high. For each bit, the value 1 indicates that this bit is concerned, and the value 0 indicates that this bit is not concerned. |
Action |
Action: · permit · deny · mirror · redirect · rate—rate limit. |
Status |
Rule status, active or inactive. |
OperationStatus |
Rule application status, succeeded or failed. |
display acfp server-info
Syntax
display acfp server-info [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Description
Use the display acfp server-info command to display ACFP server information.
# Display ACFP server information.
<Sysname> display acfp server-info
Server-Info: ipserver redirect mirror
Max Life-Time: 2147483647(s)
PersistentRules: false
ContextType: HGPlus-context
Table 4 Output description
Field |
Description |
Server-Info |
ACFP client working mode supported by the ACFP server: · ipserver—host mode. · redirect—redirect mode. · mirror—mirror mode. · passthrough—pass-through mode. |
Max Life-Time |
Maximum expiration time (in seconds) of the collaboration policy supported by the ACFP server. |
PersistentRules |
Whether the ACFP server supports permanent collaboration rules. |