Part 11 - OAA

02-ACFP Commands


ACFP Configuration Commands

acfp server enable

Syntax

acfp server enable

undo acfp server enable

View

System view

Default Level

2: System level

Parameters

None

Description

Use the acfp server enable command to enable the ACFP server.

Use the undo acfp server enable command to disable the ACFP server.

By default, the ACFP server is disabled.

If the ACSEI server is enabled on the device and you disable and then re-enable the ACFP server, you must also disable and then re-enable the ACSEI server so that the ACFP collaboration rules are resent to the ACFP server.

Related commands: acsei server enable in ACSEI Commands in the Command Reference - Part 11 - OAA.

Examples

# Enable the ACFP server.

<Sysname> system-view

[Sysname] acfp server enable

display acfp client-info

Syntax

display acfp client-info [ client-id ]

View

Any view

Default Level

1: Monitor level

Parameters

client-id: Displays information about the specified ACFP client, where client-id is the ACFP client identifier, in the range of 1 to 2147483647.

Description

Use the display acfp client-info command to display information about the specified ACFP client(s).

Note that if no ACFP client ID is specified, information about all the ACFP clients is displayed.

Examples

# Display the information about all the ACFP clients.

<Sysname> display acfp client-info

ACFP client total number: 1

ClientID:     4

Description:  IPS

Hw-Info:      1.0

OS-Info:      Linux Kernel 2.4.20-8

App-Info:     2.0

Client IP:    10.1.1.1

Client Mode:  mirror

Table 1-1 display acfp client-info command output description

| Field | Description |
|---|---|
| ACFP client total number | Total number of ACFP clients |
| ClientID | Client ID, index of client list |
| Description | Description information of client |
| Hw-Info | Hardware information of the client |
| OS-Info | Operating system information of the client |
| App-Info | Application software information of the client |
| Client IP | Client IP address |
| Client Mode | Working mode supported on the client: redirect (redirect mode); mirror (mirror mode) |

display acfp policy-info

Syntax

display acfp policy-info [ client client-id [ policy-index ] | dest-interface interface-type interface-number | in-interface interface-type interface-number | out-interface interface-type interface-number ] [ active | inactive ]

View

Any view

Default Level

1: Monitor level

Parameters

client client-id: Displays the policy sent by the specified ACFP client, where client-id is the ACFP client ID, in the range of 1 to 2147483647.

policy-index: Policy index, in the range of 1 to 2147483647.

dest-interface interface-type interface-number: Displays all the policies that use the specified interface (destination interface) for connecting to the ACFP client, where interface-type interface-number is the interface type and interface number.

in-interface interface-type interface-number: Displays all the policies that use the specified interface as the inbound interface, where interface-type interface-number is the interface type and interface number.

out-interface interface-type interface-number: Displays all the policies that use the specified interface as the outbound interface, where interface-type interface-number is the interface type and interface number.

active: Displays active policies only.

inactive: Displays inactive policies only.

Description

Use the display acfp policy-info command to display the ACFP policy information.

Note that:

- When you use this command to display the policy information sent by the specified ACFP client, if you specify the policy-index argument, the command displays the information about the policy whose number is policy-index applied by the ACFP client with an ID of client-id. Otherwise, the command displays information about all the policies sent by the ACFP client with an ID of client-id.

- If neither the active nor the inactive keyword is specified, the command displays all policies, both active and inactive.

- If no argument is specified, the command displays information about all the policies.

Examples

# Display information about the effective policies for all packets that use GigabitEthernet 1/0/1 as the inbound interface.

<Sysname> display acfp policy-info in-interface gigabitethernet 1/0/1 active

ACFP policy total number: 1

ClientID:          1                 Policy-Index:    2

Rule-Num:          20                ContextID:       2007

Exist-Time:        100000(s)         Life-Time:       864000(s)

Start-Time:        9:00              End-Time:        12:00

Admin-Status:      enable            Effect-Status:   active

DestIfFailAction:  reserve           Priority:        4

In-Interface:      GigabitEthernet1/0/1

Out-Interface:     GigabitEthernet1/0/2

Dest-Interface:    Ten-GigabitEthernet1/3/1

Table 1-2 display acfp policy-info command output description

| Field | Description |
|---|---|
| ACFP policy total number | Total number of ACFP policies |
| ClientID | Client ID, index of client list |
| Policy-Index | Policy index |
| Rule-Num | Number of rules under the policy |
| ContextID | Context ID |
| Exist-Time | For how long the policy has existed, in seconds |
| Life-Time | Policy expiration time, in seconds |
| Start-Time | Policy start time |
| End-Time | Policy end time |
| Admin-Status | Policy administration status |
| Effect-Status | Whether the policy is effective |
| DestIfFailAction | Action applied to all rules under the policy when the policy dest-interface is down. delete: the redirected and mirrored packets keep being forwarded (for forwarding-first devices, select the delete action). reserve: the redirected and mirrored packets are discarded (for security-first devices, select the reserve action). |
| Priority | Priority of a policy, as a number in the range of 1 to 8 (the bigger the number, the higher the priority) |
| In-Interface | Inbound interface of the packet |
| Out-Interface | Outbound interface of the packet |
| Dest-Interface | Interface connected to the ACFP client |
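
The check below is an added example, not H3C code: it parses display acfp policy-info output in the layout shown above and flags policies whose DestIfFailAction is delete, that are enabled but not in effect, or that are close to expiry. The second policy in the sample is constructed, the function names are illustrative, and treating Life-Time minus Exist-Time as the time left is an assumption.

```python
import re

# Constructed sample: the page's example record plus one made-up, abbreviated policy.
SAMPLE = """\
ACFP policy total number: 2
ClientID:          1                 Policy-Index:    2
Rule-Num:          20                ContextID:       2007
Exist-Time:        100000(s)         Life-Time:       864000(s)
Start-Time:        9:00              End-Time:        12:00
Admin-Status:      enable            Effect-Status:   active
DestIfFailAction:  reserve           Priority:        4
In-Interface:      GigabitEthernet1/0/1
Out-Interface:     GigabitEthernet1/0/2
Dest-Interface:    Ten-GigabitEthernet1/3/1
ClientID:          1                 Policy-Index:    3
Rule-Num:          5                 ContextID:       2008
Exist-Time:        860000(s)         Life-Time:       864000(s)
Admin-Status:      enable            Effect-Status:   inactive
DestIfFailAction:  delete            Priority:        2
Dest-Interface:    Ten-GigabitEthernet1/3/1
"""

FIELD = re.compile(r"([A-Za-z][\w-]*):\s+(\S+)")

def parse_policies(text):
    """One dict per policy; each ClientID field starts a new record."""
    policies = []
    for key, value in FIELD.findall(text):
        if key == "ClientID":
            policies.append({})
        if policies:  # skips the "total number" header line
            policies[-1][key] = value
    return policies

def seconds(value):
    return int(value.split("(")[0])  # "864000(s)" -> 864000

def audit(policies, margin=86400):
    """Return (policy, finding) pairs worth a second look."""
    findings = []
    for p in policies:
        ident = f"client {p['ClientID']} policy {p['Policy-Index']}"
        if p["DestIfFailAction"] == "delete":
            findings.append((ident, "forwarding continues if Dest-Interface goes down"))
        if p["Admin-Status"] == "enable" and p["Effect-Status"] != "active":
            findings.append((ident, "enabled but Effect-Status is not active"))
        # Assumption: time left before expiry = Life-Time - Exist-Time.
        if seconds(p["Life-Time"]) - seconds(p["Exist-Time"]) < margin:
            findings.append((ident, "expires within the margin"))
    return findings
```

Calling audit(parse_policies(SAMPLE)) returns three findings, all for client 1 policy 3; the page's own record produces none.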

 

display acfp rule-info

Syntax

display acfp rule-info { in-interface [ interface-type interface-number ] | out-interface [ interface-type interface-number ] | policy [ client-id policy-index ] }

View

Any view

Default Level

1: Monitor level

Parameters

in-interface: Displays ACFP rule information in order of inbound interface. Rule information that does not include the inbound interface is not displayed.

out-interface: Displays ACFP rule information in order of outbound interface. Rule information that does not include the outbound interface is not displayed.

interface-type interface-number: Specifies an interface by its type and number.

policy: Displays the ACFP rule information in order of policy.

client-id: ACFP client ID, in the range of 1 to 2147483647.

policy-index: Policy index, in the range of 1 to 2147483647.

Description

Use the display acfp rule-info command to display ACFP rule information.

Note that:

- When you use this command to display ACFP rule information in order of policy, if you specify neither client ID nor policy index, the rule information about all the policies is displayed.

- When you use this command to display ACFP rule information in order of outbound/inbound interface, if you specify no interface, the rule information about all the inbound interfaces or outbound interfaces is displayed.

Examples

# Display ACFP rule information in order of inbound interface.

<Sysname> display acfp rule-info in-interface gigabitethernet 1/0/1

In-Interface:           GigabitEthernet1/0/1  

ACFP rule total number: 1

ClientID:2              Policy-Index:2           Rule-Index:5        

SMAC:00-01-02-03-04-05  DMAC:01-02-03-04-05-06

StartVLAN:2000          EndVLAN:2004

PackRate:128 Kbps

Action:rate             Status:active            OperationStatus:succeeded

# Display ACFP rule information in order of policy.

<Sysname> display acfp rule-info policy 1 1

ACFP Rule total number: 1

ClientID:1              Policy-Index:1           Rule-Index:1

SIP:192.168.132.122     SMask:0.0.0.255          SPort:65500 to 65535

DIP:192.168.112.115     DMask:0.0.0.255          DPort:65500 to 65535

Protocol:ipinip         Fragment:false   DSCP:AF11

Action:redirect         Status:inactive          OperationStatus:succeeded

Table 1-3 display acfp rule-info command output description

| Field | Description |
|---|---|
| In-Interface | Inbound interface of the packet |
| ACFP rule total number | Total number of ACFP rules |
| ClientID | Client ID, index of client list |
| Policy-Index | Policy index |
| Rule-Index | Rule index |
| SMAC | Source MAC address |
| DMAC | Destination MAC address |
| StartVLAN | Start VLAN of the source VLAN |
| EndVLAN | End VLAN of the source VLAN |
| PackRate | Value of the restricted rate of packets, in kbps |
| SIP | Source IP address |
| SMask | Inverse mask of source IP address |
| SPort | Source port number |
| DIP | Destination IP address |
| DMask | Inverse mask of destination IP address |
| DPort | Destination port number |
| Protocol | Protocol of the packet: GRE, ICMP, IGMP, IPinIP, OSPF, TCP, UDP, IP, and so on |
| Fragment | Whether the packet is a fragment. true: the packet is a fragment. false: all packets, regardless of whether the packet is a fragment. |
| ToS | Type of Service, indicated by a number in the range of 0 to 15 |
| Pre | Packet precedence, indicated by a number in the range of 0 to 7 |
| DSCP | Differentiated Services Code Point, indicated by name for Be, Ef, Af11, Af12, Af13, Af21, Af22, Af23, Af31, Af32, Af33, Af41, Af42, Af43, Cs1, Cs2, Cs3, Cs4, Cs5, Cs6, and Cs7, and by a number in the range of 0 to 63 for other code points |
| TCPFlag | The value is six bits, which represent URG, ACK, PSH, RST, SYN, and FIN respectively from low to high. |
| TCPMask | The value is six bits, which represent URG mask, ACK mask, PSH mask, RST mask, SYN mask, and FIN mask respectively from low to high. For each bit, the value 1 indicates that this bit is concerned, and the value 0 indicates that this bit is not concerned. |
| Action | Action, including: permit; deny; mirror; redirect; rate (rate limit) |
| Status | Rule status: active or inactive |
| OperationStatus | Rule application status: succeeded or failed |
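
SMask and DMask are inverse masks, so a 0 bit must match the rule address and a 1 bit is ignored. The following added example (not from the H3C documentation) parses the policy 1 1 record shown above and tests whether a flow falls under the rule and whether the rule is currently redirecting it; it checks only the address, port, Action, Status and OperationStatus fields, and the function names are illustrative.

```python
import ipaddress
import re

# The page's "display acfp rule-info policy 1 1" record, embedded as sample input.
SAMPLE = """\
ClientID:1              Policy-Index:1           Rule-Index:1
SIP:192.168.132.122     SMask:0.0.0.255          SPort:65500 to 65535
DIP:192.168.112.115     DMask:0.0.0.255          DPort:65500 to 65535
Protocol:ipinip         Fragment:false   DSCP:AF11
Action:redirect         Status:inactive          OperationStatus:succeeded
"""

# A value is either a port range ("65500 to 65535") or a single token.
FIELD = re.compile(r"([A-Za-z][\w-]*):\s*(\d+ to \d+|\S+)")

def parse_rule(text):
    return dict(FIELD.findall(text))

def wildcard_match(addr, base, inverse_mask):
    """Compare only the bits that are 0 in the inverse mask."""
    care = ~int(ipaddress.IPv4Address(inverse_mask)) & 0xFFFFFFFF
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)

def port_match(port, spec):
    low, _, high = spec.partition(" to ")
    return int(low) <= port <= int(high or low)

def rule_covers(rule, src, sport, dst, dport):
    """True if the flow falls inside the rule's address and port fields."""
    return (wildcard_match(src, rule["SIP"], rule["SMask"])
            and wildcard_match(dst, rule["DIP"], rule["DMask"])
            and port_match(sport, rule["SPort"])
            and port_match(dport, rule["DPort"]))

def is_redirected(rule, *flow):
    """A covered flow reaches the ACFP client only while the rule is in force."""
    return (rule_covers(rule, *flow) and rule["Action"] == "redirect"
            and rule["Status"] == "active"
            and rule["OperationStatus"] == "succeeded")
```

With the sample record, a flow from 192.168.132.7 is covered by the rule because the last octet is masked out, but is_redirected returns False since Status is inactive.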

 

display acfp server-info

Syntax

display acfp server-info

View

Any view

Default Level

1: Monitor level

Parameters

None

Description

Use the display acfp server-info command to display ACFP server information.

Examples

# Display ACFP server information.

<Sysname> display acfp server-info

Server-Info:     redirect mirror

Max Life-Time:   2147483647(s)

PersistentRules: false

ContextType:     HGPlus-context

Table 1-4 display acfp server-info command output description

| Field | Description |
|---|---|
| Server-Info | ACFP client working mode supported by the ACFP server: redirect (redirect mode); mirror (mirror mode) |
| Max Life-Time | Maximum expiration time (in seconds) of the collaboration policy supported by the server |
| PersistentRules | Whether the server supports permanent collaboration rules |
| ContextType | Context ID types currently supported by the server: no-context (no context ID is carried); HG-context (carrying the preamble HG as the context ID); HGPlus-context (carrying the preamble HGPlus as the context ID); FlowID-context (carrying the preamble Flow ID as the context ID); VLANID-context (carrying VLAN ID as the context ID). The S5800&S5820X series Ethernet switches support carrying the preamble HGPlus as the context ID (the HGPlus-context) only. |
