7
• Source port operator—Its type can be equal to, not equal to, greater than, less than, greater than
and less than. The following ending source port number takes effect only when the type is greater
than and less than. The source port number of the packets matched by the identifier must be greater
than the starting source port number and less than the ending source port number.
• Starting source port number
• Ending source port number
• Destination IP address
• Wildcard mask of destination IP address
• Destination port number operator—Its type can be equal to, not equal to, greater than, less than,
greater than and less than. The following ending destination port number is meaning only when
the type is greater than and less than. The destination port number of the packets matched by the
identifier must be greater than the starting destination port number and less than the ending
destination port number.
• Starting destination port number
• Ending destination port number
• Pro—Protocol type, which can be GRE, ICMP, IGMP, OSPF, TCP, UDP, and IP.
• IP precedence: Packet precedence, a number in the range of 0 to 7.
• IP ToS—Type of Service (ToS) of IP
• IP DSCP—Differentiated Services Code Point (DSCP) of IP
• TCP flag—Indicates that some bits in the six flag bits—URG, ACK, PSH, RST, SYN, FIN—are
concerned.
• IP fragment—Indicates whether the packet is an IP packet fragment.
• Rate limit
• Row state
You can use the collaboration policy to manage the collaboration rules that belong to it.
Using ACFP
• The S5800 and S5820X switches can be installed with various types of OAP cards. If you install an
IPS card on the switch, disable STP on the internal 10 Gigabit Ethernet port that connects the IPS
card to the switch. In addition, when the IPS card operates in redirection mode, if you add an
interface on the switch into a zone configured on the IPS card and configure the IPS card to monitor
the interface, then the interface does not support Portal authentication.
• In a GRE tunneling environment, an ACFP policy can be configured on a tunnel interface only.
• ACFP does not support NetStream services.
• QoS processing such as marking the QoS local ID and local priority for the packets is not
performed on the packets returned after they are redirected to the ACFP client.
• On the destination interface, the packets redirected or mirrored by ACFP only support Layer 2 QoS
processing, including queuing, WRED (Weighted Random Early Detection), and so on; but not any
other service processing, such as non-Layer 2 QoS processing and non-QoS service processing.
• With ACFP, a stream cannot be mirrored or redirected to multiple ACFP clients.
• ACFP cannot process outbound packets.
• ACFP does not support the handling of the following types of packets: broadcasts, multicasts, MPLS
packets, and inbound packets.