ACFP configuration commands 1

acfp server enable· 1

display acfp client-info· 1

display acfp policy-info· 2

display acfp rule-info· 4

display acfp server-info· 7

acfp server enable

Syntax

acfp server enable

undo acfp server enable

View

System view

Default level

2: System level

Parameters

None

Description

Use the acfp server enable command to enable the ACFP server.

Use the undo acfp server enable command to disable the ACFP server.

By default, the ACFP server is disabled.

In case that the ACSEI server is enabled on the router, when you first disable and then enable the ACFP server, to make sure that the ACFP collaboration rules can be resent to the ACFP server, you must also disable and then enable the ACSEI server.

Related commands: acsei server enable.

Examples

# Enable the ACFP server.

<Sysname> system-view

[Sysname] acfp server enable

display acfp client-info

Syntax

display acfp client-info [ client-id ] [ | { begin | exclude | include } regular-expression ]

View

Any view

Default level

1: Monitor level

Parameters

client-id: Displays information of the specified ACFP client, where client-id is the ACFP client identifier, in the range of 1 to 2147483647.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Description

Use the display acfp client-info command to display the information about the specified ACFP client(s).

If no ACFP client ID is specified, the information about all the ACFP clients is displayed.

Examples

# Display the information about all the ACFP clients.

<Sysname> display acfp client-info

ACFP client total number: 1

ClientID:    2

Description: Intrusion Prevention System

Hw-Info:       2.0

OS-Info:     i-Ware software, Version 1.10

App-Info:    Ess 2110P01

Client IP:   40.93.1.2

Client Mode: redirect  mirror

Table 1 Output description

Field	Description
ACFP client total number	Total number of ACFP clients.
ClientID	Client ID, index of client list.
Description	Description of the ACFP client.
Hw-Info	Hardware information of the ACFP client.
OS-Info	Operating system information of the ACFP client.
App-Info	Application software information of the ACFP client.
Client IP	IP address of the ACFP client.
Client Mode	Working mode supported on the client: ·       ipserver—host mode. ·       redirect—redirect mode. ·       mirror—mirror mode. ·       passthrough—pass-through mode.

 

display acfp policy-info

Syntax

display acfp policy-info [ client client-id [ policy-index ] | dest-interface  interface-type interface-number | global | in-interface interface-type interface-number | out-interface interface-type interface-number ] [ active | inactive ] [ | { begin | exclude | include } regular-expression ]

View

Any view

Default level

1: Monitor level

Parameters

client client-id: Displays the policy sent by the specified ACFP client, where client-id is the ACFP client ID, in the range of 1 to 2147483647.

policy-index: Policy index, in the range of 1 to 2147483647.

dest-interface interface-type interface-number: Displays all the policies that use the specified interface (destination interface) for connecting to the ACFP client, where interface-type interface-number is the interface type and interface number.

in-interface interface-type interface-number: Displays all the policies that use the specified interface as the inbound interface, where interface-type interface-number is the interface type and interface number..

active: Displays active policies only.

inactive: Displays inactive policies only.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

 

NOTE: The global and out-interface keywords are not available.

 

Description

Use the display acfp policy-info command to display the ACFP policy information.

When you use this command to display the policy information sent by the specified ACFP client, if you specify the policy-index argument, the command displays the information about the policy whose number is policy-index applied by the ACFP client with an ID of client-id. Otherwise, the command displays the information about all the policies sent by the ACFP client with an ID of client-id.

If neither the active nor inactive keyword is specified, the command displays all the active or inactive policies.

If no argument is specified, the command displays the information about all the policies.

Examples

# Display the information about the policies for all the packets that use Ten-Ethernet 0/0/3 as the inbound interface.

<Sysname> display acfp policy-info in-interface Ten-GigabitEthernet 0/0/3

ACFP policy total number: 1

ClientID:        3                   Policy-Index:  2

Rule-Num:        1                   ContextID:     128

Exist-Time:      61500     (s)       Life-Time:     2147483647(s)

Start-Time:      00:00:00            End-Time:      24:00:00

Admin-Status:    enable              Effect-Status: active

DstIfFailAction: delete              Priority:      1

In-Interface:    Ten-GigabitEthernet0/0/3

Out-Interface:

Dest-Interface:  Ten-GigabitEthernet7/0/1

Table 2 Output description

Field	Description
ACFP policy total number	Total number of ACFP policies.
ClientID	Client ID, index of client list.
Policy-Index	Policy index.
Rule-Num	Number of rules under the policy.
ContextID	Context ID.
Exist-Time	For how long the policy existed, in seconds.
Life-Time	Policy expiration time, in seconds.
Start-Time	Policy start time.
End-Time	Policy end time.
Admin-Status	Policy administration status.
Effect-Status	Whether the policy is effective.
DstIfFailAction	If the policy dest-interface is down, the actions to all rules under the policy will be as follows: ·       delete—Keep the redirected and mirrored packets being forwarded (for forwarding first routers, select the delete action). ·       reserve—Discard the redirected and mirrored packets (for security first routers, select the reserve action).
Priority	Priority of a policy, number notation, in the range of 1 to 8 (the bigger the number, the higher the priority).
In-Interface	Inbound interface of the packet.
Out-Interface	Outbound interface of the packet.
Dest-Interface	Interface connected to the ACFP client.

 

display acfp rule-info

Syntax

display acfp rule-info { global | in-interface [ interface-type interface-number ] | out-interface [ interface-type interface-number ] | policy [ client-id policy-index ] } [ | { begin | exclude | include } regular-expression ]

View

Any view

Default level

1: Monitor level

Parameters

in-interface: Displays ACFP rule information in order of inbound interface. The ACFP rule information which does not include the inbound interface is not displayed.

interface-type interface-number: Specifies an interface by its type and number.

policy: Displays the ACFP rule information in order of policy.

client-id: ACFP client ID, in the range of 1 to 2147483647.

policy-index: Policy index, in the range of 1 to 2147483647.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

 

NOTE: The global and out-interface keywords are not available.

 

Description

Use the display acfp rule-info command to display ACFP rule information.

When you use this command to display ACFP rule information in order of policy, if you specify neither client ID nor policy index, the rule information of all the policies is displayed.

When you use this command to display ACFP rule information in order of outbound/inbound interface, if you specify no interface, the rule information for all the inbound interfaces or outbound interfaces is displayed.

Examples

# Display ACFP rule information in order of inbound interface.

<Sysname> display acfp rule-info in-interface Ten-GigabitEthernet 0/0/3

In-Interface:   Ten-GigabitEthernet0/0/3

ACFP rule total number:  2

ClientID:2              Policy-Index:2           Rule-Index:1

SIP:20.1.1.0            SWildcard:0.0.0.255

Action:redirect         Status:active            OperationStatus:succeeded

ClientID:3              Policy-Index:2           Rule-Index:1

SIP:20.1.1.0            SWildcard:0.0.0.255

Action:redirect         Status:active            OperationStatus:succeeded

# Display ACFP rule information in order of policy.

<Sysname> display acfp rule-info policy 2 1

ACFP rule total number:  1

ClientID:2              Policy-Index:1           Rule-Index:4

SIP:10.1.1.0            SWildcard:0.0.0.255

DIP:20.1.1.0            DWildcard:0.0.0.255

Protocol:ipinip

Action:redirect         Status:active            OperationStatus:succeeded

Table 3 Output description

Field	Description
In-Interface	Inbound interface of the packet.
ACFP rule total number	Total number of ACFP rules.
ClientID	Client ID, index of client list.
Policy-Index	Policy index.
Rule-Index	Rule index.
SMAC	Source MAC address.
DMAC	Destination MAC address.
StartVLAN	Start VLAN of the source VLAN.
EndVLAN	End VLAN of the source VLAN.
PackRate	Value of the restricted rate of packets, in kbps.
SIP	Source IP address.
SWildcard	Inverse mask of source IP address.
SPort	Source port number.
DIP	Destination IP address.
DWildcard	Inverse mask of destination IP address.
DPort	Destination port number.
Protocol	Protocol of the packet: GRE, ICMP, IGMP, IPinIP, OSPF, TCP, UDP, IP, and so on.
Fragment	Whether the packet is a fragment: ·       true—Indicates the packet is a fragment. ·       false—Indicates all the packets, not concerned about whether the packet is a fragment or not.
ToS	Type of Service, indicated by a number in the range of 0 to 15.
Pre	Packet precedence, indicated by a number in the range of 0 to 7.
DSCP	Differentiated Services Code Point, indicated by characters for Be, Ef, Af11, Af12, Af13, Af21, Af22, Af23, Af31, Af32, Af33, Af41, Af42, Af43, Cs1, Cs2, Cs3, Cs4, Cs5, Cs6, and Cs7 and indicated by a number in the range 0 to 63 for other code points.
TCPFlag	The value is six bits, which represents URG, ACK, PSH, RST, SYN, and FIN respectively from low to high.
TCPMask	The value is six bits, which represents URG mask, ACK mask, PSH mask, RST mask, SYN mask, and FIN mask respectively from low to high. For each bit, the value 1 indicates that this bit is concerned, and the value 0 indicates that this bit is not concerned.
Action	Action: ·       permit ·       deny ·       mirror ·       redirect ·       rate—rate limit.
Status	Rule status, active or inactive.
OperationStatus	Rule application status, succeeded or failed.

 

display acfp server-info

Syntax

display acfp server-info [ | { begin | exclude | include } regular-expression ]

View

Any view

Default level

1: Monitor level

Parameters

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Description

Use the display acfp server-info command to display ACFP server information.

Examples

 # Display ACFP server information.

<Sysname> display acfp server-info

Server-Info:     ipserver redirect mirror

Max Life-Time:   2147483647(s)

PersistentRules: false

ContextType:     HGPlus-context

Table 4 Output description

Field	Description
Server-Info	ACFP client working mode supported by the ACFP server: ·       ipserver—host mode. ·       redirect—redirect mode. ·       mirror—mirror mode. ·       passthrough—pass-through mode.
Max Life-Time	Maximum expiration time (in seconds) of the collaboration policy supported by the ACFP server.
PersistentRules	Whether the ACFP server supports permanent collaboration rules.