Acfp collaboration rules – H3C Technologies H3C S7500E Series Switches User Manual
Page 13
2-4
z
Policy-Index
z
In-interface: Interface through which the packet is sent to the ACFP server.
z
Out-interface: Interface through which the packet is forwarded normally.
z
Dest-interface: ACFP server interface connected with ACFP client.
z
Context ID: It is used when the packet is mirrored or redirected to an ACFP client. After the
interface connected to the ACFP client is specified in the policy sent, the ACFP server assigns it a
global serial number, that is, the Context ID, with each Context ID corresponding to an ACFP
collaboration policy.
z
Admin-Status: It indicates whether to enable the policy.
z
Effect-Status: It indicates the expiration time of the policy and is used to control the expiration time
of all the rules under the policy.
z
Start-Time: It indicates starting from what time (second/minute/hour) the policy takes effect and is
used to control starting from what time all the rules under the policy take effect.
z
End-time: It indicates starting from what time (second/minute/hour) the policy turns invalid and is
used to control starting from what time all the rules under the policy turn invalid.
z
DestIfFailAction: If the policy dest-interface is down, the actions to all rules under the policy will be
as follows: for forwarding first devices, select the delete action to keep the redirected and mirrored
packets being forwarded; for security first devices, select the reserve action to discard the
redirected and mirrored packets.
z
Priority: It indicates the priority of a policy, number notation, in the range of 1 to 8. The bigger the
number, the higher the priority.
ACFP collaboration rules
ACFP collaboration rules refer to the collaboration rules that the ACFP client sends to the ACFP server
for application. There are three types of collaboration rules:
z
Monitoring rules: that is, to monitor, analyze, and process the packets to be sent to the ACFP
client. The action types corresponding to monitoring rules are redirect and mirror.
z
Filtering rules: that is, to determine which packets to deny and which packets to permit. The action
types corresponding to filtering rules are deny and permit.
z
Restricting rules: that is, to determine the rate of which packets is to be restricted. The action type
corresponding to restricting rules is rate.
Rule information is described as follows:
z
ClientID: ACFP client identifier.
z
Policy index
z
Rule index: rule identifier
z
Status: It indicates whether the rule is applied successfully.
z
Action: It can be mirror, redirect, deny, permit, or rate.
z
Match all packets: It indicates whether to match all the packets. If yes, the following matching
needs not be performed.
z
Source MAC address
z
Destination MAC address
z
Starting VLAN ID
z
Ending VLAN ID