3Com 5500G Configuration And Command Reference Manual

Switch open services networking

3Com® Switch 5500G Open Services Networking Configuration and Command Reference Guide
www.3Com.com
Part Number 10016378-AA
Published March 2008


Summary of Contents for 3Com 5500G

  • Page 1 3Com® Switch 5500G Open Services Networking Configuration and Command Reference Guide www.3Com.com Part Number 10016378-AA Published March 2008...
  • Page 2 ENVIRONMENTAL STATEMENT It is the policy of 3Com Corporation to be environmentally friendly in all operations. To uphold our policy, we are committed to: Establishing environmental performance standards that comply with national legislation and regulations.
  • Page 3: Table Of Contents

    Contents
    Introduction
      Get the latest documentation and software for your 3Com OSN|M
      About this guide
    Configuring the OSN|M
      OSN|M Overview
      Switching to the OSN|M’s Operating Interface
      Restarting the OSN|M’s Linux OS
    Configuring the Application Control Forwarding Protocol (ACFP)
      Introduction to ACFP...
  • Page 4
    display acfp policy-info
    display acfp rule-info
    display acfp server-info
    snmp-agent trap enable
    ACSEI Server Configuration Commands
      acsei client close
      acsei client reboot
      acsei server
      acsei server enable
      acsei timer clock-sync
      acsei timer monitor
      display acsei client info
      display acsei client summary
    ACSEI Client Configuration Commands on the OSN|M
      acsei-client debug disable
      acsei-client debug enable...
  • Page 5: Introduction

    You must register your 3Com switch to receive software upgrades. To register, point your web browser to eSupport.3Com.com. About this guide: This guide provides all the information you need to use the 3Com® Open Services Networking Module for your Switch 5500G.
  • Page 6 Introduction...
  • Page 7: Configuring The Osn|M

    You can use the Open Services Networking Module (OSN|M) as an expansion module installed in an expansion module slot on the rear panel of a Switch 5500G. The OSN|M runs the Linux operating system (Linux OS) with which you can load software such as security and voice software as needed.
  • Page 8: Restarting The Osn|M's Linux Os

    Chapter 1: Configuring the OSN|M
    Restarting the OSN|M’s Linux OS: After you log into a switch, you can restart the OSN|M’s Linux OS of the local switch or of another switch in the same fabric if you need to troubleshoot that system. An OSN|M has an independent CPU.
  • Page 9: Configuring The Application Control Forwarding Protocol (Acfp)

    3Com’s Open Systems Networking (OSN) provides customers with an open service architecture developed to achieve this functionality. Compatible IPS/IDS application modules or IPS/IDS applications running as ACFP clients allow software packages developed by other manufacturers to support the IPS/IDS services.
  • Page 10 A Switch 5500G Ethernet switch provides two internal ports, GigabitEthernet 1/1/1 and GigabitEthernet 1/1/2, to connect to the OSN|M. 3Com recommends that you do not perform any configuration on these ports other than disabling the Spanning Tree Protocol (STP) on GigabitEthernet 1/1/1 and adding GigabitEthernet 1/1/2 to a VLAN.
  • Page 11 ... control the traffic on the ACFP server (namely, the routing/switching component shown in Figure 1) by implementing the following functions:
    ■ Mirroring and redirecting the traffic on the ACFP server to the ACFP client
    ■ Permitting or denying the traffic from the ACFP server...
  • Page 12 It mainly refers to whether the ACFP server can keep the original collaboration policy after a reboot.
    ■ The context ID type supported by the Switch 5500G’s Ethernet switches is 2. Figure 2 shows the corresponding packet format (the Context field indicates the context ID location): Figure 2 Packet format corresponding to context ID type 2.
  • Page 13
    ■ OS-Info: System name and version number of the ACFP client.
    ■ App-Info: Application software type and version number of the ACFP client.
    ■ Client IP: ACFP client IP address.
    ■ Client Mode: Working mode currently supported by the ACFP client;...
  • Page 14 Chapter 2: Configuring the Application Control Forwarding Protocol (ACFP)
    ACFP collaboration rules: ACFP collaboration rules refer to the rules that the ACFP client sends to the ACFP server for an application. There are two types of collaboration rules:
    ■ Monitoring rules, which monitor, analyze, and process the packets to...
  • Page 15: Configuring Acfp

    ■ Row state
    You can use the collaboration policy to manage the collaboration rules that belong to it. The Switch 5500G Ethernet switch does not support ACFP’s pass-through mode.
    Using ACFP
    ■ ACFP does not process IPv6 packets.
    ■ With ACFP, a stream cannot be mirrored or redirected to multiple...
  • Page 16: Displaying Acfp

    [ client-id policy-index ] }
    Display the configuration information of ACFP Trap: display snmp-agent trap-list
    ACFP Configuration Example
    Network Requirements: The internal networking of a company is as follows:
    ■ Different departments are connected to the intranet through Switch 5500G units (ACFP server).
  • Page 17 ACFP Configuration Example
    ■ The IP address of Host A is 192.168.1.1/24, and that of Host B is 192.168.2.1/24. They are connected to the switch through GigabitEthernet 1/0/1.
    ■ The IP address of Host C is 192.168.3.1/24, and that of Host D is...
  • Page 18 Chapter 2: Configuring the Application Control Forwarding Protocol (ACFP)
    Configure the ACFP client through a MIB browser to send information to the switch, where the client index is 1, three working modes are supported: host, redirect, and mirror (achieved by setting node h3cAcfpClientMode), the client row status is 4 (achieved by setting node h3cAcfpClientRowStatus), and the other parameters adopt the default values. Because these objects are written over SNMP, any station with write access to the switch’s SNMP agent can register a client and push mirror or redirect rules, so restrict SNMP write access to the management station that is meant to do this.
  • Page 19 ACFP Configuration Example
    ... in network segment 192.168.2.0 (achieved by setting node h3cAcfpRuleSrcIP) and source IP wildcard-mask is 0.0.0.255 (achieved by setting node h3cAcfpRuleSrcIPMask) are matched, the rule row status is 4 (achieved by setting node h3cAcfpRuleRowStatus) and the other parameters adopt the default values.
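The rule on this page matches on a source address plus an inverse (wildcard) mask, which is easy to get backwards. The following Python is added here as an example and is not code from the 3Com guide: it implements source matching the way the h3cAcfpRuleSrcIP / h3cAcfpRuleSrcIPMask pair describes it, skips IPv6 sources (ACFP does not process IPv6 packets), and shows what a rule written with a subnet mask instead of a wildcard mask actually matches. The rules and packets are constructed for the example; the action names and the first-match ordering by policy index and rule index are assumptions, not something the guide specifies.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, Optional

# Example code added for illustration; not from the 3Com guide.
# Action names and first-match ordering are assumptions.


@dataclass(frozen=True)
class AcfpRule:
    client_id: int
    policy_index: int
    rule_index: int
    src_ip: str         # h3cAcfpRuleSrcIP
    src_wildcard: str   # h3cAcfpRuleSrcIPMask: inverse mask, 0 bits must match
    action: str         # assumed names: "mirror", "redirect" or "deny"


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """True if addr agrees with base on every bit that is 0 in the wildcard mask."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def subnet_mask_to_wildcard(mask: str) -> str:
    """Convert a dotted subnet mask (255.255.255.0) to the inverse form ACFP expects (0.0.0.255)."""
    m = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(~m & 0xFFFFFFFF))


def lookup(rules: Iterable[AcfpRule], packet_src: str) -> Optional[AcfpRule]:
    """Return the first rule (ordered by policy and rule index) whose source matches.

    ACFP does not process IPv6 packets, so an IPv6 source never matches."""
    if ipaddress.ip_address(packet_src).version != 4:
        return None
    for rule in sorted(rules, key=lambda r: (r.policy_index, r.rule_index)):
        if wildcard_match(packet_src, rule.src_ip, rule.src_wildcard):
            return rule
    return None


# Constructed rules for the guide's example network: send Host B's segment to the IPS client.
RULES = [
    AcfpRule(1, 1, 1, "192.168.2.0", "0.0.0.255", "mirror"),
    # Same intent, but a subnet mask was written where a wildcard mask belongs (a common mistake).
    AcfpRule(1, 2, 1, "192.168.2.0", "255.255.255.0", "redirect"),
]


def demo() -> dict:
    """Results for a few constructed packets; the second rule shows the inverted-mask pitfall."""
    return {
        "host_b": lookup(RULES, "192.168.2.1").policy_index,     # the intended rule matches
        "host_c": lookup(RULES, "192.168.3.1"),                   # no rule: the bad rule only matches addresses ending in .0
        "stray_dot0": lookup(RULES, "10.99.99.0").policy_index,   # an unrelated .0 address hits the mistaken rule
        "ipv6": lookup(RULES, "2001:db8::1"),                     # never processed by ACFP
        "fixed_mask": subnet_mask_to_wildcard("255.255.255.0"),   # what the second rule should have used
    }
```

The mistaken rule does not simply fail: with wildcard 255.255.255.0 the only bits that must match are the last octet, so any host anywhere whose address ends in .0 is redirected to the client while the hosts in 192.168.2.0/24 that the operator meant to inspect are not. Checking the mask before setting h3cAcfpRuleRowStatus to active is cheaper than discovering this from the IPS logs.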
  • Page 20 Chapter 2: Configuring the Application Control Forwarding Protocol (ACFP)
  • Page 21: Configuring An Application Control System Exchange Interface

    3 Configuring an Application Control System Exchange Interface
    Introduction to ACSEI: As a private protocol, an Application Control System Exchange Interface (ACSEI) provides a method for exchanging information between Application Control Forwarding Protocol (ACFP) clients and the ACFP server. It supports ACFP collaboration, ensuring valid information interaction between the ACFP clients and the ACFP server, so that the ACFP server and clients can cooperate to run a service.
  • Page 22
    ■ Control the ACSEI clients on the ACSEI server. For example, you can close or restart an ACSEI client on the ACSEI server.
    An ACSEI server can register multiple ACSEI clients. A Switch 5500G unit allows an ACSEI server to register up to seven ACSEI clients.
    ACSEI Timers: An ACSEI server uses two timers, the clock synchronization timer and the monitoring timer.
  • Page 23: Configuring An Acsei Server On A Switch

    If it detects that an ACSEI client has disconnected, the ACFP server removes the configuration and policies associated with that client, so traffic those policies mirrored or redirected to the client is no longer sent to it.
    Configuring an ACSEI Server on a Switch: This section covers these topics: “Enabling an ACSEI Server”...
  • Page 24: Closing An Acsei Client

    Chapter 3: Configuring an Application Control System Exchange Interface
    To...                                          Use the command...           Remarks
    Enter ACSEI server view                        acsei server
    Configure the monitoring timer for the ACSEI   acsei timer monitor seconds  Optional. Five seconds by default.
    server to monitor ACSEI clients
    Closing an ACSEI Client: Follow these steps to close an ACSEI client:...
  • Page 25: Acsei Client Configuration On Linux System

    ACSEI Client Configuration on Linux System
    ... Linux system from the switch’s CLI. For methods of logging into the Linux system, refer to 3Com Switch 5500G OSN|M Getting Started Guide.
    Installing ACSEI Client: You can enter the OSN|M’s Linux system, download the ACSEI client rpm package to the Linux system, and use the following commands to install the ACSEI client.
  • Page 26 Chapter 3: Configuring an Application Control System Exchange Interface
    ■ For a description of the osm connect unit command, refer to “osm connect unit” on page 31.
    ■ The above rpm commands are Linux operating system commands and are not covered in this document.
    Configuring the Default Startup: The ACSEI client is enabled once it is installed, and by default, after the...
  • Page 27 ACSEI Client Configuration on Linux System 27 Figure 4 Setup interface for the ACSEI client default startup Select System services, press Enter. The Services screen is displayed as shown in Figure 5. Figure 5 Service interface for an ACSEI client default startup Move the cursor to acseid, and use the Space key to choose that option.
  • Page 28 Chapter 3: Configuring an Application Control System Exchange Interface
    ■ [ * ] specifies that the Linux system automatically starts up the ACSEI client when it starts up.
    ■ [ ] specifies that the Linux system does not start up the ACSEI client when...
  • Page 29 ACSEI Client Configuration on Linux System
    Displaying and Maintaining ACSEI Client on OSN|M
    To...                                        Use the command...          Remarks
    Switch to the OSN|M’s Linux system from      osm connect unit unit-id    Required. Available in user view; after the operation, the operating interface is switched to the Linux system interface where...
    the switch’s CLI
  • Page 30 Chapter 3: Configuring an Application Control System Exchange Interface...
  • Page 31: Osn|M Configuration Commands

    4 OSN|M Configuration Commands
    osm connect unit
    Syntax: osm connect unit unit-id
    View: User view
    Parameters: unit unit-id: Specifies a switch by its unit ID.
    Description: Use the osm connect unit command to switch from the command line interface on the local switch to the Linux OS on the OSN|M. You can specify the unit ID of the local switch or the unit ID of another switch in the same fabric as the local switch.
  • Page 32: Osm Reboot Unit

    You can specify the unit ID of the local switch or the unit ID of another switch in the same fabric as the local switch. Note that before restarting an OSN|M, 3Com recommends that you save the data on the Linux OS and shut down the Linux OS to avoid service interruption and hardware data loss.
  • Page 33: Acfp Configuration Commands

    5 ACFP Configuration Commands
    acfp enable
    Syntax: acfp enable / undo acfp enable
    View: System view
    Parameters: None
    Description: Use the acfp enable command to enable ACFP. Use the undo acfp enable command to disable ACFP. By default, ACFP is disabled.
    Examples: # Enable ACFP.
  • Page 34 Chapter 5: ACFP Configuration Commands
    Description: Use the display acfp client-info command to display the information about the specified ACFP client(s).
    ■ If the ACFP client ID is specified, the information about the specified ACFP client is displayed.
    ■ If no ACFP client ID is specified, the information about all the ACFP...
  • Page 35: Display Acfp Policy-Info

    display acfp policy-info
    Syntax: display acfp policy-info [ client client-id [ policy-index ] | dest-interface interface-type interface-number | in-interface interface-type interface-number ] [ active | inactive ]
    View: Any view
    Parameters: client client-id: Displays the policy sent by the specified ACFP client, where client-id is the ACFP client ID, in the range of 1 to 2147483647.
  • Page 36: Display Acfp Rule-Info

    36 Chapter 5: ACFP Configuration Commands Examples # Display information about all the active policies that specify the packet inbound port as GigabitEthernet 1/0/1. <SW5500G> display acfp policy-info in-interface GigabitEthernet 1/0/1 active ACFP policy total number: 1 ClientID: Policy-Index: Rule-Num: ContextID: 2097153 Exist-Time:...
  • Page 37 Parameters:
    in-interface: Displays ACFP rule information in order of inbound port. An ACFP rule that does not include the inbound port is not displayed.
    policy: Displays the ACFP rule information in order of policy.
    client-id: ACFP client ID, in the range of 1 to 2147483647.
    policy-index: Policy index, in the range of 1 to 2147483647.
  • Page 38: Display Acfp Server-Info

    38 Chapter 5: ACFP Configuration Commands Table 3 Description of the display acfp rule-info command fields Field Description ACFP rule total number Total number of ACFP rules ClientID Client list index Policy-Index Policy index Rule-Index Rule index Source IP address SMask Inverse mask of source IP address...
  • Page 39: Snmp-Agent Trap Enable

    Table 4 Description of the display acfp server-info command fields
    Field          Description
    Server-Info    ACFP client working mode supported by the ACFP server:
                   ■ ipserver: host mode
                   ■ redirect: redirect mode
                   ■ mirror: mirror mode
    Max Life-Time  Maximum expiration time (in seconds) of the collaboration policy supported by the server
    PersistentRules...
  • Page 40 Chapter 5: ACFP Configuration Commands
    Examples: # Enable the switch to send all ACFP traps.
    <SW5500G> system-view
    System View: return to User View with Ctrl+Z.
    [SW5500G] snmp-agent trap enable acfp...
  • Page 41: Acsei Server Configuration Commands

    6 ACSEI Server Configuration Commands
    acsei client close
    Syntax: acsei client close client-id
    View: ACSEI server view
    Parameters: client-id: ID of the ACSEI client to be closed, in the range of 1 to 7. (An ACSEI client ID is assigned by the ACSEI server.)
    Description: Use the acsei client close command to close the specified ACSEI client.
  • Page 42: Acsei Server

    42 Chapter 6: ACSEI Server Configuration Commands Description Use the acsei client reboot command to restart the specified ACSEI client. Note that after you restart an ACSEI client using the acsei client reboot command, the OSN|M where the ACSEI client is integrated is restarted. Examples # Restart ACSEI client 1.
  • Page 43: Acsei Timer Clock-Sync

    Description: Use the acsei server enable command to enable the ACSEI server. Use the undo acsei server enable command to disable the ACSEI server. By default, the ACSEI server is disabled.
    Examples: # Enable ACSEI server.
    <SW5500G> system-view
    System View: return to User View with Ctrl+Z.
    [SW5500G] acsei server enable
    acsei timer clock-sync
    Syntax...
  • Page 44: Acsei Timer Monitor

    44 Chapter 6: ACSEI Server Configuration Commands acsei timer monitor Syntax acsei timer monitor seconds undo acsei timer monitor View ACSEI server view Parameters seconds: Value of the monitoring timer that is used by the ACSEI server to monitor the ACSEI clients. It ranges from 0 to 10 (in seconds), where 0 disables the ACSEI server from monitoring the ACSEI client.
  • Page 45
    ■ The client information is retrieved from the advertisement packet sent by the client, so that when there is no ACSEI client information, the command displays the information keywords only.
    ■ If executed without the client-id argument, the command displays information about all the ACSEI clients in order of registration time.
  • Page 46: Display Acsei Client Summary

    46 Chapter 6: ACSEI Server Configuration Commands display acsei client summary Syntax display acsei client summary [ client-id ] View Any view Parameters client-id: ID of an ACSEI client whose summary is to be displayed. This argument ranges from 1 to 7. Description Use the display acsei client summary command to display ACSEI client summary information.
  • Page 47: Acsei Client Configuration Commands On The Osn|M

    7 ACSEI Client Configuration Commands on the OSN|M You can execute the following commands in any directory of the Linux system. You can use the osm connect unit command in the switch’s user view to enter the OSN|M’s Linux system. For description of the osm connect unit command, refer to “osm connect unit”...
  • Page 48: Acsei-Client Debug Show

    48 Chapter 7: ACSEI Client Configuration Commands on the OSN|M Parameters None Description Use the acsei-client debug enable command to enable debugging for the ACSEI client. By default, debugging for the ACSEI client is disabled. Examples # Enable debugging for the ACSEI client on unit 1. <SW5500G>...
  • Page 49: Chkconfig Acseid Off

    chkconfig acseid off
    Syntax: chkconfig acseid off
    View: Any directory of the Linux system
    Parameters: None
    Description: Use the chkconfig acseid off command to prevent the ACSEI client from automatically starting with the Linux system startup. By default, the ACSEI client starts up automatically when the Linux system starts.
  • Page 50: Service Acseid Condrestart

    50 Chapter 7: ACSEI Client Configuration Commands on the OSN|M <SW5500G> osm connect unit 1 Connected to OSM! [root@localhost ~]# chkconfig acseid on service acseid condrestart Syntax service acseid condrestart View Any Linux system directory Parameters None Description Use the service acseid condrestart command to restart the ACSEI client conditionally.
  • Page 51: Service Acseid Reload

    [root@localhost ~]# service acseid status
    acseic-daemon is stopped
    service acseid reload
    Syntax: service acseid reload
    View: Any Linux system directory
    Parameters: None
    Description: Use the service acseid reload command to load the ACSEI client configuration file. Note that you can load the ACSEI client configuration file only when the ACSEI client is running.
  • Page 52: Service Acseid Start

    52 Chapter 7: ACSEI Client Configuration Commands on the OSN|M Regardless if the ACSEI client is running or not, the system first stops the ACSEI client and then starts it after you execute this command. Examples # Restart the ACSEI client on unit 1 (when the ACSEI client is running). <SW5500G>...
  • Page 53: Service Acseid Status

    # Start the ACSEI client on unit 1 when the ACSEI client is stopped.
    <SW5500G> osm connect unit 1
    Connected to OSM!
    [root@localhost ~]# service acseid start
    Starting acseic-daemon: [
    service acseid status
    Syntax: service acseid status
    View: Any Linux system directory
    Parameters: None
    Description...
  • Page 54 Chapter 7: ACSEI Client Configuration Commands on the OSN|M
    Examples: # Stop the ACSEI client on unit 1.
    <SW5500G> osm connect unit 1
    Connected to OSM!
    [root@localhost ~]# service acseid status
    acseic-daemon (pid 2335) is running...
    [root@localhost ~]# service acseid stop
    Stopping acseic-daemon: [...
