H3C SecBlade LB Card Preconfiguration-6PW100


04-OAA Configuration


OAP Module Configuration

When configuring an OAP module, go to these sections for information you are interested in:

- OAP Module Overview
- Resetting the Operating System of the SecBlade LB Card

OAP Module Overview

Open Application Platform (OAP) is developed by Hangzhou H3C Technologies Co., Ltd. (referred to as H3C hereinafter) to support new services. An OAP module runs an independent operating system, in which you can load software such as load balancing, security, and voice as needed.

By using OAP, H3C networking devices such as S7500E, S9500, and S9500E switches integrate security functions through SecBlade LB cards. A SecBlade LB card runs an independent operating system; it exchanges data, status information, and control information with the networking device through its internal service interfaces. The operations and configurations of a SecBlade LB card on the networking device include:

- Redirecting to the SecBlade LB Card from the Device
- Resetting the Operating System of the SecBlade LB Card

Redirecting to the SecBlade LB Card from the Device

You can redirect to the system of a SecBlade LB card from a networking device (such as an S7500E, S9500, or S9500E switch) through the following operation. The terminal display then switches from the command line interface of the networking device to the operating interface of the system on the SecBlade LB card. After the switch, you can press Ctrl+K to return to the command line interface on the networking device.

 

If you log in to a SecBlade LB card from a networking device using the following command, you log in to the SecBlade LB card system as if you had logged in through the AUX port. Therefore, to ensure normal login, you need to set the login authentication mode and the user level in AUX view on the SecBlade LB card user interface. Refer to User Interface Configuration in the System Volume for the detailed configuration.

Follow this step to redirect from the device to the SecBlade LB card:

| To do | Use the command | Remarks |
|---|---|---|
| Redirect from the networking device to the SecBlade LB card | oap connect slot slot-number | Required. Available in user view |

Resetting the Operating System of the SecBlade LB Card

If the operating system of a SecBlade LB card works abnormally, you can reset it with the following command, which is equivalent to pressing the reset button on the SecBlade LB card.

A SecBlade LB card has its own independent CPU; therefore, the device can still recognize and control the SecBlade LB card after you reset the system. That is, restarting the SecBlade LB card does not restart the device.

Follow the step to reset the system of the SecBlade LB card:

| To do | Use the command | Remarks |
|---|---|---|
| Reset the system of a SecBlade LB card | oap reboot slot slot-number | Required. Available in user view on networking device. |

Resetting the SecBlade LB card may cause data loss and service interruption. Therefore, before resetting the SecBlade LB card, save the data on the operating system and shut down the operating system to avoid service interruption and hardware data loss.


When configuring ACSEI, go to these sections for information you are interested in:

- Introduction to ACSEI
- ACSEI Server Configuration
- Configuring ACSEI Client (Supported on a SecBlade LB Card)

Introduction to ACSEI

ACSEI is a private protocol that provides a method for exchanging information between ACFP clients and the ACFP server. It supports Application Control Forwarding Protocol (ACFP) collaboration by ensuring valid information interaction between the ACFP clients and the ACFP server, so that the ACFP server and clients can cooperate to run a service.

As a supporting protocol of ACFP, ACSEI also has two entities: server and client.

An H3C networking device such as an S7500E, S9500, or S9500E that integrates load balancing and security functions using a SecBlade LB card supports ACSEI and serves as the ACSEI server; the SecBlade LB card supports ACSEI and serves as the ACSEI client.

Functions of ACSEI

ACSEI mainly provides the following functions:

- Registration and deregistration of an ACSEI client to the ACSEI server.
- ID assignment. The ACSEI server assigns IDs to ACSEI clients to distinguish between them.
- Mutual monitoring and awareness between an ACSEI client and the ACSEI server.
- Information interaction between the ACSEI server and ACSEI clients, including clock synchronization.
- Control of the ACSEI clients on the ACSEI server. For example, you can close or restart an ACSEI client from the ACSEI server.

An ACSEI server can register multiple ACSEI clients. The maximum number of ACSEI clients that an ACSEI server allows to register depends on the networking device model.

ACSEI Timers

An ACSEI server uses two timers, the clock synchronization timer and the monitoring timer.

- The clock synchronization timer is used to periodically trigger the ACSEI server to send clock synchronization advertisements to ACSEI clients. You can set this timer through command lines.
- The monitoring timer is used to periodically trigger the ACSEI server to send monitoring requests to ACSEI clients. You can set this timer through command lines.

An ACSEI client starts two timers, the registration timer and the monitoring timer.

- The registration timer is used to periodically trigger the ACSEI client to multicast registration requests (with the multicast MAC address being 010F-E200-0021). You cannot set this timer.
- The monitoring timer is used to periodically trigger the ACSEI client to send monitoring requests to the ACSEI server. You cannot set this timer.

ACSEI Startup and Running

ACSEI starts up and runs as follows:

1) Enable ACSEI client.

2) Start up the device and enable the ACSEI server function on it.

3) The ACSEI client multicasts registration requests.

4) After the ACSEI server receives a valid registration request, it negotiates parameters with the ACSEI client and establishes a connection with the client if the negotiation succeeds.

5) The ACSEI server and the ACSEI client mutually monitor the connection.

6) If it detects that the ACSEI client has disconnected, the ACFP server removes the configuration and policies associated with the client.
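The registration step above relies on clients multicasting to 010F-E200-0021, so a capture on the segment can show which stations are asking to register. The following Python is an added example, not H3C code: it matches raw Ethernet frames on that destination MAC and reports senders that are not on an expected-card list. The source MACs, the allow-list, the 0x88B5 placeholder EtherType and the sample frames are constructed; the page does not give the ACSEI frame format, so only the destination MAC is checked.

```python
import struct
from collections import Counter

ACSEI_REG_MAC = "010F-E200-0021"   # multicast MAC stated on this page
VLAN_TPIDS = {0x8100, 0x88A8}      # 802.1Q / 802.1ad tags to skip over

def parse_h3c_mac(text):
    """Convert H3C notation (HHHH-HHHH-HHHH) to 6 raw bytes."""
    digits = text.replace("-", "")
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC: %r" % text)
    return bytes.fromhex(digits)

def format_h3c_mac(raw):
    """Convert 6 raw bytes back to H3C notation."""
    h = raw.hex().upper()
    return "-".join(h[i:i + 4] for i in (0, 4, 8))

def classify_frame(frame):
    """Return (src_mac, vlan_id or None) for a registration frame, else None."""
    if len(frame) < 14 or frame[:6] != parse_h3c_mac(ACSEI_REG_MAC):
        return None
    src, offset, vlan = frame[6:12], 12, None
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in VLAN_TPIDS and len(frame) >= offset + 6:
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vlan = tci & 0x0FFF              # innermost tag wins
        offset += 4
        (ethertype,) = struct.unpack_from("!H", frame, offset)
    return format_h3c_mac(src), vlan

def unexpected_registrants(frames, expected_macs):
    """Count registration frames per (source, VLAN) not in the allow-list."""
    allowed = {format_h3c_mac(parse_h3c_mac(m)) for m in expected_macs}
    seen = Counter(hit for hit in map(classify_frame, frames) if hit)
    return {key: n for key, n in seen.items() if key[0] not in allowed}

# Constructed sample frames; 0x88B5 is a placeholder EtherType (assumption).
def _frame(dst, src, tag=b""):
    return parse_h3c_mac(dst) + parse_h3c_mac(src) + tag + b"\x88\xb5" + bytes(46)

SAMPLE_FRAMES = [
    _frame(ACSEI_REG_MAC, "000F-E2AA-0001"),                       # expected card
    _frame(ACSEI_REG_MAC, "0242-AC11-0009", tag=b"\x81\x00\x00\x64"),  # VLAN 100
    _frame("FFFF-FFFF-FFFF", "0242-AC11-0009"),                    # unrelated
]
```

Calling `unexpected_registrants(SAMPLE_FRAMES, ["000F-E2AA-0001"])` returns only the VLAN 100 sender, which is the station to investigate.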

ACSEI Server Configuration (Supported on a Networking Device)

This section covers these topics:

- Enabling ACSEI Server
- Configuring the Clock Synchronization Timer
- Configuring the Monitoring Timer
- Closing an ACSEI Client
- Restarting an ACSEI Client
- Displaying and Maintaining ACSEI Server

Enabling ACSEI Server

Follow these steps to enable ACSEI server:

| To do | Use the command | Remarks |
|---|---|---|
| Enter system view | system-view | - |
| Enable ACSEI server | acsei server enable | Required. Disabled by default. |

Configuring the Clock Synchronization Timer

Follow these steps to configure the clock synchronization timer:

| To do | Use the command | Remarks |
|---|---|---|
| Enter system view | system-view | - |
| Enable the ACSEI server function | acsei server enable | Required |
| Enter ACSEI server view | acsei server | - |
| Configure the clock synchronization timer from ACSEI server to ACSEI client | acsei timer clock-sync minutes | Optional. Five minutes by default. |

Configuring the Monitoring Timer

Follow these steps to configure the monitoring timer:

| To do | Use the command | Remarks |
|---|---|---|
| Enter system view | system-view | - |
| Enable the ACSEI server function | acsei server enable | Required |
| Enter ACSEI server view | acsei server | - |
| Configure the monitoring timer for the ACSEI server to monitor the ACSEI client | acsei timer monitor seconds | Optional. Five seconds by default. |

Closing an ACSEI Client

Follow these steps to close an ACSEI client:

| To do | Use the command | Remarks |
|---|---|---|
| Enter system view | system-view | - |
| Enable the ACSEI server function | acsei server enable | Required |
| Enter ACSEI server view | acsei server | - |
| Close the specified ACSEI client | acsei client close client-id | Required |

Restarting an ACSEI Client

Follow these steps to restart an ACSEI client:

| To do | Use the command | Remarks |
|---|---|---|
| Enter system view | system-view | - |
| Enable the ACSEI server function | acsei server enable | Required |
| Enter ACSEI server view | acsei server | - |
| Restart the specified ACSEI client | acsei client reboot client-id | Required |

Displaying and Maintaining ACSEI Server

| To do | Use the command… | Remarks |
|---|---|---|
| Display ACSEI client summary | display acsei client summary [ client-id ] | Available in any view |
| Display ACSEI client information | display acsei client info [ client-id ] | Available in any view |

Configuring ACSEI Client (Supported on a SecBlade LB Card)

As a function supported by a SecBlade LB card, ACSEI client is integrated into the software system of the SecBlade LB card.

Enabling ACSEI Client

Follow these steps to enable ACSEI client:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | - |
| Enter interface view | interface interface-type interface-number | Required |
| Enable ACSEI client | acsei-client enable | Required. Disabled by default. |

Displaying and Maintaining ACSEI Client

| To do… | Use the command… | Remarks |
|---|---|---|
| Display information about ACSEI client | display acsei-client information | Available in any view |
| Display the current state of ACSEI client | display acsei-client status | Available in any view |
