Acfp collaboration rules – H3C Technologies H3C S10500 Series Switches User Manual


Start-Time—Indicates the time (second/minute/hour) from which the policy takes effect. It controls when all the rules under the policy take effect.

End-time—Indicates the time (second/minute/hour) from which the policy becomes invalid. It controls when all the rules under the policy become invalid.

DestIfFailAction—Specifies the action applied to all rules under the policy when the policy's dest-interface is down. For forwarding-first devices, select the delete action so that the redirected and mirrored packets continue to be forwarded; for security-first devices, select the reserve action so that the redirected and mirrored packets are discarded.

Priority—Indicates the priority of a policy, as a number in the range of 1 to 8. The larger the number, the higher the priority.

ACFP collaboration rules

ACFP collaboration rules are the rules that the ACFP client sends to the ACFP server for application. There are three types of collaboration rules:

Monitoring rules—To monitor, analyze, and process the packets to be sent to the ACFP client. The
action types corresponding to monitoring rules are redirect and mirror.

Filtering rules—To determine which packets to deny and which packets to permit. The action types
corresponding to filtering rules are deny and permit.

Restricting rules—To determine which packets are to have their rate restricted. The action type corresponding to restricting rules is rate.

Rule information is described as follows:

ClientID—ACFP client identifier.

Policy index

Rule index—Rule identifier.

Status—It indicates whether the rule is applied successfully.

Action—It can be mirror, redirect, deny, permit, or rate.

Match all packets—Indicates whether to match all packets. If yes, the matching criteria that follow need not be evaluated.

Source MAC address

Destination MAC address

Starting VLAN ID

Ending VLAN ID

Protocol number in IP

Source IP address

Wildcard mask of source IP address

Source port operator—Its type can be equal to, not equal to, greater than, less than, or greater than and less than. The ending source port number listed below takes effect only when the type is greater than and less than. In that case, the source port number of a matched packet must be greater than the starting source port number and less than the ending source port number.

Starting source port number

Ending source port number

Destination IP address

Wildcard mask of destination IP address
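
The matching behaviour described in the rule information above, as an added Python example (not H3C code): it pairs each action with its rule type and evaluates the match-all flag, the source IP wildcard mask and the source port operator. The class, function and operator names are chosen for this example, and treating a 1 bit in the wildcard mask as "ignore this bit" is an assumption that this manual page does not state.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Action -> rule type, as the manual pairs them.
RULE_TYPE = {"redirect": "monitoring", "mirror": "monitoring",
             "deny": "filtering", "permit": "filtering", "rate": "restricting"}

# Operator labels are names chosen for this example.
PORT_OPS = {
    "eq": lambda port, start, end: port == start,
    "neq": lambda port, start, end: port != start,
    "gt": lambda port, start, end: port > start,
    "lt": lambda port, start, end: port < start,
    # Only this operator reads the ending port; both bounds are exclusive.
    "gt-and-lt": lambda port, start, end: start < port < end,
}

def ip_matches(addr: str, rule_addr: str, wildcard: str) -> bool:
    # Assumption: 1 bits in the wildcard mask are ignored, 0 bits must match.
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(rule_addr)) & care)

@dataclass
class Rule:
    action: str
    match_all: bool = False
    src_ip: str = "0.0.0.0"
    src_wildcard: str = "255.255.255.255"
    sport_op: Optional[str] = None
    sport_start: int = 0
    sport_end: Optional[int] = None

    def __post_init__(self):
        if self.action not in RULE_TYPE:
            raise ValueError(f"unknown action: {self.action}")

    def matches(self, src_ip: str, sport: int) -> bool:
        if self.match_all:  # the remaining match fields are not evaluated
            return True
        if not ip_matches(src_ip, self.src_ip, self.src_wildcard):
            return False
        if self.sport_op is None:
            return True
        return PORT_OPS[self.sport_op](sport, self.sport_start, self.sport_end)

# Constructed sample: deny sources in 10.1.0.0/16 with 1024 < source port < 2048.
SAMPLE = Rule("deny", src_ip="10.1.0.0", src_wildcard="0.0.255.255",
              sport_op="gt-and-lt", sport_start=1024, sport_end=2048)
```

Because both bounds are exclusive, a filtering rule written with starting port 1024 and ending port 2048 does not cover ports 1024 and 2048 themselves; widen the bounds by one on each side if those ports must be included.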
