Acfp configuration example, Network requirements, Configuration procedure – H3C Technologies H3C S12500 Series Switches User Manual

13

Task Command

Remarks

Display ACFP rule configuration
information.

display acfp rule-info { global | in-interface
[ interface-type interface-number ] | out-interface

[ interface-type interface-number ] | policy

[ client-id policy-index ] } [ | { begin | exclude |
include } regular-expression ]

Available in any view.

Display the configuration
information of ACFP Trap.

display snmp-agent trap-list [ | { begin | exclude
| include } regular-expression ]

Available in any view.

ACFP configuration example

By default, Ethernet, VLAN, and aggregate interfaces are down. Before configuring these types of

interfaces, use the undo shutdown command to bring them up.

Network requirements

Different departments are connected on the intranet through Device, which serves as the ACFP server. An

ACFP client is inserted in Device and connected to Device through the internal interface

Ten-GigabitEthernet 4/0/1.
Configure the ACFP client to analyze traffic arriving at interface GigabitEthernet 5/0/23, and control
the traffic as follows:

•

Permit all packets with the source IP address 192.168.1.1/24.

•

Deny all packets with the source IP address 192.168.1.2/24.

Figure 3 Network diagram

Configuration procedure

1.

Configure Device:
# Enable the ACFP server.

system-view

[Device] acfp server enable

[Device] acsei server enable

# Assign an IP address to the VLAN interface of the management VLAN.

[Device] vlan 4094

Host A

192.168.1.1/24

ACFP client

GE5/0/24

Device

ACFP server

Host B

192.168.1.2/24

Host C

192.168.2.1/24

Host D

192.168.2.2/24

GE5/0/23

XGE4/0/1