Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H	EWP-WX1804H-PWR-CN	Yes
WX2500H series	WX2508H-PWR-LTE WX2510H WX2510H-F WX2540H WX2540H-F WX2560H	EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H	Yes
WX3000H series	WX3010H WX3010H-X WX3010H-L WX3024H WX3024H-L WX3024H-F	EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F	Yes: · WX3010H-L · WX3024H-L No: · WX3010H · WX3010H-X · WX3024H · WX3024H-F
WX3500H series	WX3508H WX3510H WX3520H WX3520H-F WX3540H	EWP-WX3508H EWP-WX3510H EWP-WX3520H EWP-WX3520H-F EWP-WX3540H	No
WX5500E series	WX5510E WX5540E	EWP-WX5510E EWP-WX5540E	No
WX5500H series	WX5540H WX5560H WX5580H	EWP-WX5540H EWP-WX5560H EWP-WX5580H	No
Access controller modules	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	No

‌

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL	No
WX3800H series	WX3820H WX3840H	EWP-WX3820H-GL EWP-WX3840H-GL	No
WX5800H series	WX5860H	EWP-WX5860H-GL	No

‌

Default

No application groups exist.

Views

System view

Predefined user roles

network-admin

Parameters

group-name: Specifies the application group name, a case-insensitive string of 1 to 63 characters. The names invalid and other are not allowed.

Usage guidelines

You can create a maximum of 1000 application groups on the device.

Examples

# Create an application group named aaa and enter its view.

<Sysname> system-view

[Sysname] app-group aaa

[Sysname-app-group-aaa]

Related commands

copy app-group

description

include application

application statistics enable

Use application statistics enable to enable the application statistics feature on the specified direction of an interface.

Use undo application statistics enable to disable the application statistics feature on the specified direction of an interface.

Syntax

application statistics enable [ inbound | outbound ]

undo application statistics enable [ inbound | outbound ]

The following compatibility matrixes show the support of hardware platforms for this command:

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H	EWP-WX1804H-PWR-CN	Yes
WX2500H series	WX2508H-PWR-LTE WX2510H WX2510H-F WX2540H WX2540H-F WX2560H	EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H	Yes
WX3000H series	WX3010H WX3010H-X WX3010H-L WX3024H WX3024H-L WX3024H-F	EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F	Yes: · WX3010H-L · WX3024H-L No: · WX3010H · WX3010H-X · WX3024H · WX3024H-F
WX3500H series	WX3508H WX3510H WX3520H WX3520H-F WX3540H	EWP-WX3508H EWP-WX3510H EWP-WX3520H EWP-WX3520H-F EWP-WX3540H	No
WX5500E series	WX5510E WX5540E	EWP-WX5510E EWP-WX5540E	No
WX5500H series	WX5540H WX5560H WX5580H	EWP-WX5540H EWP-WX5560H EWP-WX5580H	No
Access controller modules	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	No

‌

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL	No
WX3800H series	WX3820H WX3840H	EWP-WX3820H-GL EWP-WX3840H-GL	No
WX5800H series	WX5860H	EWP-WX5860H-GL	No

‌

Default

The application statistics feature is disabled on both directions of an interface.

Views

Layer 3 interface view

Predefined user roles

network-admin

Parameters

inbound: Specifies the inbound direction of the interface.

outbound: Specifies the outbound direction of the interface.

Usage guidelines

IMPORTANT:

The application statistics feature consumes a large amount of system memory. When the system generates a low-memory alarm, disable the application statistics feature on interfaces.

If no direction is specified, application statistics is enabled in both the inbound and outbound directions.

When this feature is enabled, the device separately counts the number of packets or bytes that the interface has received or sent for each application protocol. It also calculates the transmission rates of the interface for these protocols.

To display application statistics, use the display application statistics command.

Examples

# Enable application statistics in the inbound direction of Vlan-interface 2.

<Sysname> system-view

[Sysname] interface Vlan-interface 2

[Sysname-Vlan-interface2] application statistics enable inbound

Related commands

display application statistics

apr set detectlen

Use apr set detectlen to set the maximum detected length for an NBAR rule.

Use undo apr set detectlen to restore the default.

Syntax

apr set detectlen bytes

undo apr set detectlen

The following compatibility matrixes show the support of hardware platforms for this command:

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H	EWP-WX1804H-PWR-CN	Yes
WX2500H series	WX2508H-PWR-LTE WX2510H WX2510H-F WX2540H WX2540H-F WX2560H	EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H	Yes
WX3000H series	WX3010H WX3010H-X WX3010H-L WX3024H WX3024H-L WX3024H-F	EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F	Yes: · WX3010H · WX3010H-X · WX3024H · WX3024H-F No: · WX3010H-L · WX3024H-L
WX3500H series	WX3508H WX3510H WX3520H WX3520H-F WX3540H	EWP-WX3508H EWP-WX3510H EWP-WX3520H EWP-WX3520H-F EWP-WX3540H	Yes
WX5500E series	WX5510E WX5540E	EWP-WX5510E EWP-WX5540E	Yes
WX5500H series	WX5540H WX5560H WX5580H	EWP-WX5540H EWP-WX5560H EWP-WX5580H	Yes
Access controller modules	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	Yes

‌

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL	Yes
WX3800H series	WX3820H WX3840H	EWP-WX3820H-GL EWP-WX3840H-GL	No
WX5800H series	WX5860H	EWP-WX5860H-GL	No

‌

Default

The maximum detected length is not set for an NBAR rule.

Views

NBAR rule view

Predefined user roles

network-admin

Parameters

bytes: Specifies the maximum detected length in bytes for an NBAR rule. The value range is 0 to 4294967295.

Usage guidelines

The maximum detected length determines whether to inspect subsequent packets after the device recognizes an application:

· If the inspected byte count already reaches the maximum number, the device will not inspect subsequent packets.

· If the inspected byte count does not reach the maximum number, the device will inspect subsequent packets until the maximum number is reached.

If no maximum detected length is configured, the device continues to inspect subsequent packets for application recognition after recognizing an application. Inspection of subsequent packets affects device performance.

When you set the maximum detected length, make sure you fully understand its impact on system performance.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Set the maximum detected length to 100000 bytes for NBAR rule abcd.

<Sysname> system-view

[Sysname] nbar application abcd protocol http

[Sysname-nbar-application-abcd] apr set detectlen 100000

Related commands

nbar application

apr signature auto-update

Use apr signature auto-update to enable automatic update for the APR signature library and enter auto-update configuration view.

Use undo apr signature auto-update to disable automatic update for the APR signature library.

Syntax

apr signature auto-update

undo apr signature auto-update

The following compatibility matrixes show the support of hardware platforms for this command:

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H	EWP-WX1804H-PWR-CN	Yes
WX2500H series	WX2508H-PWR-LTE WX2510H WX2510H-F WX2540H WX2540H-F WX2560H	EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H	Yes
WX3000H series	WX3010H WX3010H-X WX3010H-L WX3024H WX3024H-L WX3024H-F	EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F	Yes: · WX3010H · WX3010H-X · WX3024H · WX3024H-F No: · WX3010H-L · WX3024H-L
WX3500H series	WX3508H WX3510H WX3520H WX3520H-F WX3540H	EWP-WX3508H EWP-WX3510H EWP-WX3520H EWP-WX3520H-F EWP-WX3540H	Yes
WX5500E series	WX5510E WX5540E	EWP-WX5510E EWP-WX5540E	Yes
WX5500H series	WX5540H WX5560H WX5580H	EWP-WX5540H EWP-WX5560H EWP-WX5580H	Yes
Access controller modules	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	Yes

‌

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL	Yes
WX3800H series	WX3820H WX3840H	EWP-WX3820H-GL EWP-WX3840H-GL	No
WX5800H series	WX5860H	EWP-WX5860H-GL	No

‌

Default

Automatic update is disabled for the APR signature library.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Use this command to update the APR signature library if the device can access the signature library services at the H3C website.

Examples

# Enable automatic update for the APR signature library and enter auto-update configuration view.

<Sysname> system-view

[Sysname] apr signature auto-update

[Sysname-apr-autoupdate]

Related commands

override-current

update schedule

apr signature auto-update-now

Use apr signature auto-update-now to manually trigger an automatic update for the APR signature library.

Syntax

apr signature auto-update-now

The following compatibility matrixes show the support of hardware platforms for this command:

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H	EWP-WX1804H-PWR-CN	Yes
WX2500H series	WX2508H-PWR-LTE WX2510H WX2510H-F WX2540H WX2540H-F WX2560H	EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H	Yes
WX3000H series	WX3010H WX3010H-X WX3010H-L WX3024H WX3024H-L WX3024H-F	EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F	Yes: · WX3010H · WX3010H-X · WX3024H · WX3024H-F No: · WX3010H-L · WX3024H-L
WX3500H series	WX3508H WX3510H WX3520H WX3520H-F WX3540H	EWP-WX3508H EWP-WX3510H EWP-WX3520H EWP-WX3520H-F EWP-WX3540H	Yes
WX5500E series	WX5510E WX5540E	EWP-WX5510E EWP-WX5540E	Yes
WX5500H series	WX5540H WX5560H WX5580H	EWP-WX5540H EWP-WX5560H EWP-WX5580H	Yes
Access controller modules	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	Yes

‌

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL	Yes
WX3800H series	WX3820H WX3840H	EWP-WX3820H-GL EWP-WX3840H-GL	No
WX5800H series	WX5860H	EWP-WX5860H-GL	No

‌

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command starts the automatic APR signature library update process and backs up the current APR signature file. This command is independent of the apr signature auto-update command.

Use this command to update the APR signature library if you find a new version of APR signature library at the H3C website.

Examples

# Manually trigger an automatic update for the APR signature library.

<Sysname> system-view

[Sysname] apr signature auto-update-now

apr signature rollback

Use apr signature rollback to roll back the APR signature library.

Syntax

apr signature rollback { factory | last }

The following compatibility matrixes show the support of hardware platforms for this command:

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H	EWP-WX1804H-PWR-CN	Yes
WX2500H series	WX2508H-PWR-LTE WX2510H WX2510H-F WX2540H WX2540H-F WX2560H	EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H	Yes
WX3000H series	WX3010H WX3010H-X WX3010H-L WX3024H WX3024H-L WX3024H-F	EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F	Yes: · WX3010H · WX3010H-X · WX3024H · WX3024H-F No: · WX3010H-L · WX3024H-L
WX3500H series	WX3508H WX3510H WX3520H WX3520H-F WX3540H	EWP-WX3508H EWP-WX3510H EWP-WX3520H EWP-WX3520H-F EWP-WX3540H	Yes
WX5500E series	WX5510E WX5540E	EWP-WX5510E EWP-WX5540E	Yes
WX5500H series	WX5540H WX5560H WX5580H	EWP-WX5540H EWP-WX5560H EWP-WX5580H	Yes
Access controller modules	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	Yes

‌

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL	Yes
WX3800H series	WX3820H WX3840H	EWP-WX3820H-GL EWP-WX3840H-GL	No
WX5800H series	WX5860H	EWP-WX5860H-GL	No

‌

Views

System view

Predefined user roles

network-admin

Parameters

factory: Rolls back the APR signature library to the factory version.

last: Rolls back the APR signature library to the last version.

Usage guidelines

You can use this command if you find that high error rate or abnormality occurs when the device uses the current APR signature library for application recognition.

Each time a rollback operation is performed, the device backs up the current version of the APR signature library. If you repeat the apr signature rollback last command multiple times, the APR signature library will repeatedly switch between the current version and the last version.

To ensure that the APR signature library can be successfully rolled back to the last version, back up the current APR signature library each time you update the library.

Examples

# Roll back the APR signature library to the last version.

<Sysname> system-view

[Sysname] apr signature rollback last

apr signature update

Use apr signature update to manually update the APR signature library.

Syntax

apr signature update [ override-current ] file-path

The following compatibility matrixes show the support of hardware platforms for this command:

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H	EWP-WX1804H-PWR-CN	Yes
WX2500H series	WX2508H-PWR-LTE WX2510H WX2510H-F WX2540H WX2540H-F WX2560H	EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H	Yes
WX3000H series	WX3010H WX3010H-X WX3010H-L WX3024H WX3024H-L WX3024H-F	EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F	Yes: · WX3010H · WX3010H-X · WX3024H · WX3024H-F No: · WX3010H-L · WX3024H-L
WX3500H series	WX3508H WX3510H WX3520H WX3520H-F WX3540H	EWP-WX3508H EWP-WX3510H EWP-WX3520H EWP-WX3520H-F EWP-WX3540H	Yes
WX5500E series	WX5510E WX5540E	EWP-WX5510E EWP-WX5540E	Yes
WX5500H series	WX5540H WX5560H WX5580H	EWP-WX5540H EWP-WX5560H EWP-WX5580H	Yes
Access controller modules	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	Yes

‌

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL	Yes
WX3800H series	WX3820H WX3840H	EWP-WX3820H-GL EWP-WX3840H-GL	No
WX5800H series	WX5860H	EWP-WX5860H-GL	No

‌

Views

System view

Predefined user roles

network-admin

Parameters

override-current: Overwrites the old APR signature file. If you do not specify this keyword, the old APR signature file will be saved as a backup signature file on the device after the update.

file-path: Specifies the path of the new APR signature file, a case-insensitive string of 1 to 255 characters.

Usage guidelines

Use this command to update APR signature library if the device cannot access the signature library services at the H3C website.

You can use either of the following methods to manually update the APR signature library:

· Local update—By using the locally stored APR signature file.

(In IRF mode.) The APR signature file must be stored on the mater device for a successful update.

The following table describes the formats of the file-path argument for different update scenarios:

Update scenario	Format of file-path	Remarks
The update file is stored in the current working directory.	filename	To display the current working directory, use the pwd command (see file system management in Fundamentals Command Reference).
The update file is stored in a different directory on the same storage medium.	filename	Before updating the signature library, you must use the cd command to open the directory where the update file is stored. For information about the cd command, see file system management in Fundamentals Command Reference.
The update file is stored on a different storage medium.	path/filename	Before updating the signature library, you must first use the cd command to open the root directory of the storage medium where the file is stored. For information about the cd command, see file system management in Fundamentals Command Reference.

· FTP/TFTP update—By using the APR signature file stored on an FTP or TFTP server.

The following table describes the formats of the file-path argument for different update scenarios:

Update scenario	Format of file-path	Remarks
The update file is stored on an FTP server.	ftp://username:password@server address/filename	The username argument represents the FTP login username. The password argument represents the FTP login password. The server address argument represents the IP address or host name of the FTP server. If an FTP login username or password includes colons (:), at signs (@), or slashes (/), you must replace these special characters with the corresponding escape characters. · The escape character for the colon (:) character is %3A or %3a. · The escape character for the at sign (@) character is %40. · The escape character for the slash (/) character is %2F or %2f.
The update file is stored on a TFTP server.	tftp://server address/filename	The server address argument represents the IP address or host name of the TFTP server.

Update scenario

Format of file-path

Remarks

The update file is stored on an FTP server.

ftp://username:password@server address/filename

The username argument represents the FTP login username.

The password argument represents the FTP login password.

The server address argument represents the IP address or host name of the FTP server.

If an FTP login username or password includes colons (:), at signs (@), or slashes (/), you must replace these special characters with the corresponding escape characters.

· The escape character for the colon (:) character is %3A or %3a.

· The escape character for the at sign (@) character is %40.

· The escape character for the slash (/) character is %2F or %2f.

The update file is stored on a TFTP server.

tftp://server address/filename

The server address argument represents the IP address or host name of the TFTP server.

If you specify the host name, make sure the following requirements are met:

¡ The device can resolve the IP address of the FTP or TFTP server through static or dynamic domain name resolution.

¡ The device and server can reach each other.

- For information about DNS, see Network Connectivity Configuration Guide.

Examples

# Manually update the APR signature library by using an APR signature file stored on a TFTP server.

<Sysname> system-view

[Sysname] apr signature update tftp://192.168.0.1/apr-1.0.2-en.dat

# Manually update the APR signature library by using an APR signature file stored on an FTP server.

<Sysname> system-view

[Sysname] apr signature update ftp://user%3A123:user%40abc%2F123@192.168.0.10/apr-1.0.2-en.dat

# Manually update the APR signature library by using an APR signature file stored on the device, The file is stored in directory cfa0:/apr-1.0.23-en.dat. In this example, the working directory is cfa0:.

<Sysname> system-view

[Sysname] apr signature update apr-1.0.23-en.dat

# Manually update the APR signature library by using an APR signature file stored on the device, The file is stored in directory cfa0:/dpi/apr-1.0.23-en.dat. In this example, the working directory is cfa0:.

<Sysname> cd dpi

<Sysname> system-view

[Sysname] apr signature update apr-1.0.23-en.dat

# Manually update the APR signature library by using an APR signature file stored on the device, The file is stored in directory cfb0:/dpi/apr-1.0.23-en.dat. In this example, the working directory is cfa0:.

<Sysname> cd cfb0:/

<Sysname> system-view

[Sysname] apr signature update dpi/apr-1.0.23-en.dat

copy app-group

Use copy app-group to copy all application protocols in an application group to another group.

Syntax

copy app-group group-name

The following compatibility matrixes show the support of hardware platforms for this command:

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H	EWP-WX1804H-PWR-CN	Yes
WX2500H series	WX2508H-PWR-LTE WX2510H WX2510H-F WX2540H WX2540H-F WX2560H	EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H	Yes
WX3000H series	WX3010H WX3010H-X WX3010H-L WX3024H WX3024H-L WX3024H-F	EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F	Yes: · WX3010H-L · WX3024H-L No: · WX3010H · WX3010H-X · WX3024H · WX3024H-F
WX3500H series	WX3508H WX3510H WX3520H WX3520H-F WX3540H	EWP-WX3508H EWP-WX3510H EWP-WX3520H EWP-WX3520H-F EWP-WX3540H	No
WX5500E series	WX5510E WX5540E	EWP-WX5510E EWP-WX5540E	No
WX5500H series	WX5540H WX5560H WX5580H	EWP-WX5540H EWP-WX5560H EWP-WX5580H	No
Access controller modules	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	No

‌

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL	No
WX3800H series	WX3820H WX3840H	EWP-WX3820H-GL EWP-WX3840H-GL	No
WX5800H series	WX5860H	EWP-WX5860H-GL	No

‌

Views

Application group view

Predefined user roles

network-admin

Parameters

group-name: Specifies the name of the source application group, a case-insensitive string of 1 to 63 characters. The names invalid and other are not allowed.

Usage guidelines

Execute this command multiple times to copy application protocols in different groups to the current group.

Examples

# Copy application protocols in group bcd to group abc.

<Sysname> system-view

[Sysname] app-group abc

[Sysname-app-group-abc] copy app-group bcd

Related commands

app-group

include application

description (application group view)

Use description to configure the description of an application group.

Use undo description to restore the default.

Syntax

description text

undo description

The following compatibility matrixes show the support of hardware platforms for this command:

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H	EWP-WX1804H-PWR-CN	Yes
WX2500H series	WX2508H-PWR-LTE WX2510H WX2510H-F WX2540H WX2540H-F WX2560H	EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H	Yes
WX3000H series	WX3010H WX3010H-X WX3010H-L WX3024H WX3024H-L WX3024H-F	EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F	Yes: · WX3010H-L · WX3024H-L No: · WX3010H · WX3010H-X · WX3024H · WX3024H-F
WX3500H series	WX3508H WX3510H WX3520H WX3520H-F WX3540H	EWP-WX3508H EWP-WX3510H EWP-WX3520H EWP-WX3520H-F EWP-WX3540H	No
WX5500E series	WX5510E WX5540E	EWP-WX5510E EWP-WX5540E	No
WX5500H series	WX5540H WX5560H WX5580H	EWP-WX5540H EWP-WX5560H EWP-WX5580H	No
Access controller modules	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	No

‌

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL	No
WX3800H series	WX3820H WX3840H	EWP-WX3820H-GL EWP-WX3840H-GL	No
WX5800H series	WX5860H	EWP-WX5860H-GL	No

‌

Default

An application group is described as "User-defined application group".

Views

Application group view

Predefined user roles

network-admin

Parameters

text: Specifies a description, a case-sensitive string of 1 to 127 characters. If the string includes spaces, use a pair of quotation marks ("") to enclose all characters.

Usage guidelines

Configure descriptions for different application groups for identification and management purposes.

Examples

# Configure a description for application group aaa.

<Sysname> system-view

[Sysname] app-group aaa

[Sysname-app-group-aaa] description "User defined aaa group"

Related commands

app-group

description (NBAR rule view)

Use description to configure the description of a user-defined NBAR rule.

Use undo description to restore the default.

Syntax

description text

undo description

The following compatibility matrixes show the support of hardware platforms for this command:

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H	EWP-WX1804H-PWR-CN	Yes
WX2500H series	WX2508H-PWR-LTE WX2510H WX2510H-F WX2540H WX2540H-F WX2560H	EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H	Yes
WX3000H series	WX3010H WX3010H-X WX3010H-L WX3024H WX3024H-L WX3024H-F	EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F	Yes: · WX3010H · WX3010H-X · WX3024H · WX3024H-F No: · WX3010H-L · WX3024H-L
WX3500H series	WX3508H WX3510H WX3520H WX3520H-F WX3540H	EWP-WX3508H EWP-WX3510H EWP-WX3520H EWP-WX3520H-F EWP-WX3540H	Yes
WX5500E series	WX5510E WX5540E	EWP-WX5510E EWP-WX5540E	Yes
WX5500H series	WX5540H WX5560H WX5580H	EWP-WX5540H EWP-WX5560H EWP-WX5580H	Yes
Access controller modules	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	Yes

‌

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL	Yes
WX3800H series	WX3820H WX3840H	EWP-WX3820H-GL EWP-WX3840H-GL	No
WX5800H series	WX5860H	EWP-WX5860H-GL	No

‌

Default

A user-defined NBAR rule is described as "User defined application".

Views

NBAR rule view

Predefined user roles

network-admin

Parameters

text: Specifies a description, a case-sensitive string of 1 to 127 characters.

Usage guidelines

Configure descriptions for different user-defined NBAR rules for identification and management purposes.

Examples

# Configure a description for user-defined NBAR rule abcd.

<Sysname> system-view

[Sysname] nbar application abcd protocol http

[Sysname-nbar-application-abcd] description "A user-defined application based on HTTP"

Related commands

nbar application

destination

Use destination to specify a destination IP address or subnet as a match criterion in a user-defined NBAR rule.

Use undo destination to restore the default.

Syntax

destination { ip ipv4-address [ mask-length ] | ipv6 ipv6-address [ prefix-length ] }

undo destination

The following compatibility matrixes show the support of hardware platforms for this command:

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H	EWP-WX1804H-PWR-CN	Yes
WX2500H series	WX2508H-PWR-LTE WX2510H WX2510H-F WX2540H WX2540H-F WX2560H	EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H	Yes
WX3000H series	WX3010H WX3010H-X WX3010H-L WX3024H WX3024H-L WX3024H-F	EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F	Yes: · WX3010H · WX3010H-X · WX3024H · WX3024H-F No: · WX3010H-L · WX3024H-L
WX3500H series	WX3508H WX3510H WX3520H WX3520H-F WX3540H	EWP-WX3508H EWP-WX3510H EWP-WX3520H EWP-WX3520H-F EWP-WX3540H	Yes
WX5500E series	WX5510E WX5540E	EWP-WX5510E EWP-WX5540E	Yes
WX5500H series	WX5540H WX5560H WX5580H	EWP-WX5540H EWP-WX5560H EWP-WX5580H	Yes
Access controller modules	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	Yes

‌

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL	Yes
WX3800H series	WX3820H WX3840H	EWP-WX3820H-GL EWP-WX3840H-GL	No
WX5800H series	WX5860H	EWP-WX5860H-GL	No

‌

Default

A user-defined NBAR rule matches packets destined for all IP addresses.

Views

NBAR rule view

Predefined user roles

network-admin

Parameters

ip ipv4-address: Specifies a destination IPv4 address or IPv4 subnet, in dotted decimal notation.

mask-length: Specifies the mask length for IPv4 addresses, in the range of 0 to 32.

ipv6 ipv6-address: Specifies a destination IPv6 address or IPv6 subnet.

prefix-length: Specifies the prefix length for IPv6 addresses, in the range of 0 to 128.

Usage guidelines

If you execute this command multiple times for the same NBAR rule, the most recent configuration takes effect.

The ipv6 ipv6-address option is not supported in the current software version. If you specify this option, the command does not take effect.

Examples

# Configure user-defined NBAR rule abcd to match packets destined for IPv4 subnet 192.168.1.0/24.

<Sysname> system-view

[Sysname] nbar application abcd protocol http

[Sysname-nbar-application-abcd] destination ip 192.168.1.0 24

Related commands

nbar application

direction

Use direction to specify a direction as a match criterion in a user-defined NBAR rule.

Use undo direction to restore the default.

Syntax

direction { to-client | to-server }

undo direction

The following compatibility matrixes show the support of hardware platforms for this command:

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H	EWP-WX1804H-PWR-CN	Yes
WX2500H series	WX2508H-PWR-LTE WX2510H WX2510H-F WX2540H WX2540H-F WX2560H	EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H	Yes
WX3000H series	WX3010H WX3010H-X WX3010H-L WX3024H WX3024H-L WX3024H-F	EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F	Yes: · WX3010H · WX3010H-X · WX3024H · WX3024H-F No: · WX3010H-L · WX3024H-L
WX3500H series	WX3508H WX3510H WX3520H WX3520H-F WX3540H	EWP-WX3508H EWP-WX3510H EWP-WX3520H EWP-WX3520H-F EWP-WX3540H	Yes
WX5500E series	WX5510E WX5540E	EWP-WX5510E EWP-WX5540E	Yes
WX5500H series	WX5540H WX5560H WX5580H	EWP-WX5540H EWP-WX5560H EWP-WX5580H	Yes
Access controller modules	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	Yes

‌

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL	Yes
WX3800H series	WX3820H WX3840H	EWP-WX3820H-GL EWP-WX3840H-GL	No
WX5800H series	WX5860H	EWP-WX5860H-GL	No

‌

Default

A user-defined NBAR rule matches packets in both directions.

Views

NBAR rule view

Predefined user roles

network-admin

Parameters

to-client: Specifies the direction from server to client.

to-server: Specifies the direction from client to server.

Usage guidelines

If you execute this command multiple times for the same NBAR rule, the most recent configuration takes effect.

Examples

# Configure user-defined NBAR rule abcd to match packets from client to server.

<Sysname> system-view

[Sysname] nbar application abcd protocol http

[Sysname-nbar-application-abcd] direction to-server

Related commands

nbar application

disable

Use disable to disable a user-defined NBAR rule.

Use undo disable to restore the default.

Syntax

disable

undo disable

The following compatibility matrixes show the support of hardware platforms for this command:

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H	EWP-WX1804H-PWR-CN	Yes
WX2500H series	WX2508H-PWR-LTE WX2510H WX2510H-F WX2540H WX2540H-F WX2560H	EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H	Yes
WX3000H series	WX3010H WX3010H-X WX3010H-L WX3024H WX3024H-L WX3024H-F	EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F	Yes: · WX3010H · WX3010H-X · WX3024H · WX3024H-F No: · WX3010H-L · WX3024H-L
WX3500H series	WX3508H WX3510H WX3520H WX3520H-F WX3540H	EWP-WX3508H EWP-WX3510H EWP-WX3520H EWP-WX3520H-F EWP-WX3540H	Yes
WX5500E series	WX5510E WX5540E	EWP-WX5510E EWP-WX5540E	Yes
WX5500H series	WX5540H WX5560H WX5580H	EWP-WX5540H EWP-WX5560H EWP-WX5580H	Yes
Access controller modules	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	Yes

‌

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL	Yes
WX3800H series	WX3820H WX3840H	EWP-WX3820H-GL EWP-WX3840H-GL	No
WX5800H series	WX5860H	EWP-WX5860H-GL	No

‌

Default

A user-defined NBAR rule is enabled.

Views

NBAR rule view

Predefined user roles

network-admin

Usage guidelines

Use this command to disable a user-defined NBAR rule if the following conditions exist:

· The NBAR rule will not be used in the foreseeable future.

· You do not want to delete the NBAR rule.

Examples

# Disable user-defined NBAR rule abcd.

<Sysname> system-view

[Sysname] nbar application abcd protocol http

[Sysname-nbar-application-abcd] disable

Related commands

nbar application

display app-group

Use display app-group to display information about the specified application groups.

Syntax

display app-group [ name group-name ]

The following compatibility matrixes show the support of hardware platforms for this command:

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H	EWP-WX1804H-PWR-CN	Yes
WX2500H series	WX2508H-PWR-LTE WX2510H WX2510H-F WX2540H WX2540H-F WX2560H	EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H	Yes
WX3000H series	WX3010H WX3010H-X WX3010H-L WX3024H WX3024H-L WX3024H-F	EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F	Yes: · WX3010H-L · WX3024H-L No: · WX3010H · WX3010H-X · WX3024H · WX3024H-F
WX3500H series	WX3508H WX3510H WX3520H WX3520H-F WX3540H	EWP-WX3508H EWP-WX3510H EWP-WX3520H EWP-WX3520H-F EWP-WX3540H	No
WX5500E series	WX5510E WX5540E	EWP-WX5510E EWP-WX5540E	No
WX5500H series	WX5540H WX5560H WX5580H	EWP-WX5540H EWP-WX5560H EWP-WX5580H	No
Access controller modules	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	No

‌

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL	No
WX3800H series	WX3820H WX3840H	EWP-WX3820H-GL EWP-WX3840H-GL	No
WX5800H series	WX5860H	EWP-WX5860H-GL	No

‌

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name group-name: Specifies an application group by its name. The group-name argument is a case-insensitive string of 1 to 63 characters. The names invalid and other are not allowed. If you do not specify an application group, this command displays information about all application groups.

Examples

# Display information about all application groups.

<Sysname> display app-group

User-defined count:3

Group Name Type Group ID

6767 User-defined 0x00800002

er User-defined 0x00800001

hbc User-defined 0x00800003

# Display information about application group er.

<Sysname> display app-group name er

Group English name: er

Group Chinese name: er

Group ID: 0x00800001

Type: User-defined

Application count: 2

Include application list:

Application name Type App ID

114Travel Pre-defined 0x0000542c

banc User-defined 0x00800001

pre-defined app-group count:0

Include pre-defined app-group list:

App-group name Type App-group ID

Table 1 Command output

Field	Description
User-defined count	Number of application groups.
Group Name	Name of the application group.
Group English name	English name of the application group.
Type	Application protocol attribute: · Pre-defined. · User-defined. This filed always displays User-defined for application groups.
Application count	Number of application protocols in the application group.
Include application list	Application protocol list.
Application name	Application protocol name.
App ID	Application protocol ID.
pre-defined app-group count	This field is not supported in the current software version. Number of predefined application groups in the application group.
Include pre-defined app-group list	This field is not supported in the current software version. List of predefined application groups.
App-group name	This field is not supported in the current software version. Name of a predefined application group.
App-group ID	This field is not supported in the current software version. ID of a predefined application group.

Related commands

app-group

include

display application

Use display application to display information about the specified application protocols.

Syntax

display application [ name application-name | pre-defined | user-defined ]

The following compatibility matrixes show the support of hardware platforms for this command:

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H	EWP-WX1804H-PWR-CN	Yes
WX2500H series	WX2508H-PWR-LTE WX2510H WX2510H-F WX2540H WX2540H-F WX2560H	EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H	Yes
WX3000H series	WX3010H WX3010H-X WX3010H-L WX3024H WX3024H-L WX3024H-F	EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F	Yes: · WX3010H-L · WX3024H-L No: · WX3010H · WX3010H-X · WX3024H · WX3024H-F
WX3500H series	WX3508H WX3510H WX3520H WX3520H-F WX3540H	EWP-WX3508H EWP-WX3510H EWP-WX3520H EWP-WX3520H-F EWP-WX3540H	No
WX5500E series	WX5510E WX5540E	EWP-WX5510E EWP-WX5540E	No
WX5500H series	WX5540H WX5560H WX5580H	EWP-WX5540H EWP-WX5560H EWP-WX5580H	No
Access controller modules	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	No

‌

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL	No
WX3800H series	WX3820H WX3840H	EWP-WX3820H-GL EWP-WX3840H-GL	No
WX5800H series	WX5860H	EWP-WX5860H-GL	No

‌

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name application-name: Specifies an application protocol by its name. The application-name argument is a case-insensitive string of 1 to 63 characters. The names invalid and other are not allowed.

pre-defined: Specifies the predefined application protocols.

user-defined: Specifies the user-defined application protocols.

Usage guidelines

If you do not specify any parameters, this command displays information about all application protocols.

Examples

# Display information about all predefined application protocols.

<Sysname> display application pre-defined

Pre-defined count: 817

Application name Type App ID Tunnel Encrypted DetectLen

12530WAP_Application_We Pre-defined 0x000003ac No No 0

b_HTTP

12580_Application_HTTP Pre-defined 0x00000312 No No 0

126_Web_Email_Download_ Pre-defined 0x000002b7 No No 0

HTTP

126_Web_Email_Login_HTT Pre-defined 0x000002b3 No No 0

126_Web_Email_Read_Emai Pre-defined 0x000002b4 No No 0

l_HTTP

126_Web_Email_Receive_E Pre-defined 0x000002b6 No No 0

mail_HTTP

126_Web_Email_Send_Emai Pre-defined 0x000002b5 No No 0

l_HTTP

126_Web_Email_Upload_HT Pre-defined 0x000002b8 No No 0

139_mobile_weibo_commen Pre-defined 0x000001da No No 0

t_HTTP

139_mobile_weibo_login_ Pre-defined 0x000001d9 No No 0

HTTP

139_mobile_weibo_login_ Pre-defined 0x00000444 No No 0

---- More ----

# Display information about all user-defined application protocols.

<Sysname> display application user-defined

User-defined count: 4

Application name Type App ID Tunnel Encrypted DetectLen

def User-defined 0x00800002 No No 0

dfer User-defined 0x00800003 No No 0

efer User-defined 0x00800004 No No 0

fdfad User-defined 0x00800001 No No 0

# Display information about all application protocols.

<Sysname> display application

Total count: 821

Pre-defined count: 817

User-defined count: 4

Application name Type App ID Tunnel Encrypted DetectLen

12530WAP_Application_We Pre-defined 0x000003ac No No 0

b_HTTP

12580_Application_HTTP Pre-defined 0x00000312 No No 0

126_Web_Email_Download_ Pre-defined 0x000002b7 No No 0

HTTP

126_Web_Email_Login_HTT Pre-defined 0x000002b3 No No 0

126_Web_Email_Read_Emai Pre-defined 0x000002b4 No No 0

l_HTTP

126_Web_Email_Receive_E Pre-defined 0x000002b6 No No 0

mail_HTTP

126_Web_Email_Send_Emai Pre-defined 0x000002b5 No No 0

l_HTTP

126_Web_Email_Upload_HT Pre-defined 0x000002b8 No No 0

139_mobile_weibo_commen Pre-defined 0x000001da No No 0

t_HTTP

139_mobile_weibo_login_ Pre-defined 0x000001d9 No No 0

HTTP

139_mobile_weibo_login_ Pre-defined 0x00000444 No No 0

HTTPS

139Mail_Login_HTTP Pre-defined 0x000001cb No No 0

139Mail_Login_HTTPS Pre-defined 0x0000038c No No 0

139Mail_Login_TCP Pre-defined 0x0000044b No No 0

163TV_HTTP Pre-defined 0x000004c3 No No 0

17173_Application_HTTP Pre-defined 0x00000350 No No 0

178Game_Application_HTT Pre-defined 0x00000222 No No 0

17K_fiction_Application Pre-defined 0x00000330 No No 0

_HTTP

19lou_Login_http_stream Pre-defined 0x000002c0 No No 0

19lou_Publish_Or_Reply_ Pre-defined 0x000002c2 No No 0

http_stream1

19lou_Publish_Or_Reply_ Pre-defined 0x000002c3 No No 0

http_stream2

19lou_View_http_stream Pre-defined 0x000002c1 No No 0

1ting_Music_Application Pre-defined 0x000001bc No No 0

_Mobile_HTTP

21CN_Email_Read_HTTP Pre-defined 0x000003fb No No 0

21CN_Email_Send_HTTP Pre-defined 0x000003fc No No 0

---- More ----

# Display information about application protocol Telnet.

<Sysname> display application name telnet

Application English Name: telnet

Application Chinese Name: telnet

Application ID: 0x0000000e

Tunnel: No

Encrypted: No

Table 2 Command output

Field	Description
Total count	Total number of application protocols.
Pre-defined count	Number of predefined application protocols.
User-defined count	Number of user-defined application protocols.
Application name	Name of the application protocol.
Type	Application protocol type: · Pre-defined. · User-defined.
App ID/Application ID	ID of the application protocol.
Tunnel	Whether or not the protocol is a tunnel protocol, such as L2TP: · Yes. · No.
Encrypted	Whether or not the protocol is a cryptographic protocol: · Yes. · No.
DetectLen	Length of data to be inspected for application recognition. The length can be predefined or user defined. The measurement unit is byte.

Related commands

app-group

include

display application statistics

Use display application statistics to display statistics for the specified application protocols.

Syntax

In standalone mode:

display application statistics [ direction { inbound | outbound } | interface interface-type interface-number | name application-name ] *

In IRF mode:

display application statistics [ direction { inbound | outbound } | interface interface-type interface-number [ slot slot-number ] | name application-name ] *

The following compatibility matrixes show the support of hardware platforms for this command:

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H	EWP-WX1804H-PWR-CN	Yes
WX2500H series	WX2508H-PWR-LTE WX2510H WX2510H-F WX2540H WX2540H-F WX2560H	EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H	Yes
WX3000H series	WX3010H WX3010H-X WX3010H-L WX3024H WX3024H-L WX3024H-F	EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F	Yes: · WX3010H-L · WX3024H-L No: · WX3010H · WX3010H-X · WX3024H · WX3024H-F
WX3500H series	WX3508H WX3510H WX3520H WX3520H-F WX3540H	EWP-WX3508H EWP-WX3510H EWP-WX3520H EWP-WX3520H-F EWP-WX3540H	No
WX5500E series	WX5510E WX5540E	EWP-WX5510E EWP-WX5540E	No
WX5500H series	WX5540H WX5560H WX5580H	EWP-WX5540H EWP-WX5560H EWP-WX5580H	No
Access controller modules	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	No

‌

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL	No
WX3800H series	WX3820H WX3840H	EWP-WX3820H-GL EWP-WX3840H-GL	No
WX5800H series	WX5860H	EWP-WX5860H-GL	No

‌

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

direction: Specifies the direction of the interface.

inbound: Specifies the inbound direction.

outbound: Specifies the outbound direction.

interface interface-type interface-number: Specifies an interface by its type and number.

slot slot-number: Specifies an IRF member by its member ID. This option is available only for global interfaces, such as VLAN interfaces and tunnel interfaces. (In IRF mode.)

name application-name: Specifies an application protocol by its name, a case-insensitive string of 1 to 63 characters. The names invalid and other are not allowed.

Usage guidelines

If you do not specify any options or keywords, this command displays statistics for application protocols on all interfaces in both inbound and outbound directions.

This command displays statistics for application protocols only after the application statistics feature is enabled on the specified interfaces. Disabling the application statistics feature on the specified interfaces deletes the corresponding application statistics.

You can display statistics for application protocols based on certain criteria, including application protocol names, interface directions, interface names, or a combination of the criteria.

Examples

# Display application statistics for Vlan-interface 2.

<Sysname> display application statistics interface Vlan-interface 2

Interface : Vlan-interface2

Application In/Out Packets Bytes PPS BPS

Slot 1 :

http IN 275 78631 0 275

OUT 357 255251 0 101

https IN 403 39267 0 44

OUT 681 623501 0 32

netbios-dgm IN 3 729 0 32

OUT 0 0 0 0

netbios-ns IN 248 22816 2 1423

OUT 0 0 0 0

telnet IN 801 43374 10 4509

OUT 1519 65388 20 6774

Table 3 Command output

Field	Description
Interface	Interface name.
Application	Name of the application protocol.
In/Out	Interface direction: · In—Inbound. · Out—Outbound.
Packets	Number of packets received or sent by the interface.
Bytes	Number of bytes received or sent by the interface.
PPS	Packets received or sent per second.
BPS	Bytes received or sent per second.

Related commands

app-group

application statistics enable

display application statistics top

Use display application statistics top to display statistics for application protocols on an interface in descending order, based on the specified criteria.

Syntax

In standalone mode:

display application statistics top number { bps | bytes | packets | pps } interface interface-type interface-number

In IRF mode:

display application statistics top number { bps | bytes | packets | pps } interface interface-type interface-number [ slot slot-number ]

The following compatibility matrixes show the support of hardware platforms for this command:

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H	EWP-WX1804H-PWR-CN	Yes
WX2500H series	WX2508H-PWR-LTE WX2510H WX2510H-F WX2540H WX2540H-F WX2560H	EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H	Yes
WX3000H series	WX3010H WX3010H-X WX3010H-L WX3024H WX3024H-L WX3024H-F	EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F	Yes: · WX3010H-L · WX3024H-L No: · WX3010H · WX3010H-X · WX3024H · WX3024H-F
WX3500H series	WX3508H WX3510H WX3520H WX3520H-F WX3540H	EWP-WX3508H EWP-WX3510H EWP-WX3520H EWP-WX3520H-F EWP-WX3540H	No
WX5500E series	WX5510E WX5540E	EWP-WX5510E EWP-WX5540E	No
WX5500H series	WX5540H WX5560H WX5580H	EWP-WX5540H EWP-WX5560H EWP-WX5580H	No
Access controller modules	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	No

‌

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL	No
WX3800H series	WX3820H WX3840H	EWP-WX3820H-GL EWP-WX3840H-GL	No
WX5800H series	WX5860H	EWP-WX5860H-GL	No

‌

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

number: Specifies the number of application statistics entries to be displayed. The value range is 0 to 4294967295.

bytes: Sorts application protocols by traffic size in bytes.

bps: Sorts application protocols by traffic rate in bps.

packets: Sorts application protocols by traffic size in packet count.

pps: Sorts application protocols by traffic rate in pps.

interface interface-type interface-number: Specifies an interface by its type and number.

slot slot-number: Specifies an IRF member by its member ID. This option is available only for global interfaces, such as VLAN interfaces and tunnel interfaces. (In IRF mode.)

Usage guidelines

This command displays application statistics only after the application statistics feature is enabled on the specified interface. Disabling the application statistics feature on the interface deletes the existing statistics.

The system uses the sum of inbound and outbound statistics to rank the application protocols. If the sum statistics for multiple application protocols is the same, the system displays these protocols in alphabetical order.

Examples

# Display the top three application protocols that have received and sent the most packets on Vlan-interface 2.

<Sysname> display application statistics top 3 packets interface Vlan-interface 2

Interface : Vlan-interface2

Application In/Out Packets Bytes PPS BPS

Slot 1 :

telnet IN 1389 75219 0 44

OUT 2626 112745 0 54

https IN 468 42830 0 123

OUT 746 626101 0 91

netbios-ns IN 965 88780 2 1411

OUT 0 0 0 0

Table 4 Command output

Field	Description
Interface	Interface name.
Application	Name of the application protocol.
In/Out	Interface direction: · In—Inbound. · Out—Outbound.
Packets	Number of packets received or sent by the interface.
Bytes	Number of bytes received or sent by the interface.
PPS	Packets received or sent per second.
BPS	Bytes received or sent per second.

Related commands

app-group

application statistics enable

display apr signature information

Use display apr signature information to display APR signature library information.

Syntax

display apr signature information

The following compatibility matrixes show the support of hardware platforms for this command:

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H	EWP-WX1804H-PWR-CN	Yes
WX2500H series	WX2508H-PWR-LTE WX2510H WX2510H-F WX2540H WX2540H-F WX2560H	EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H	Yes
WX3000H series	WX3010H WX3010H-X WX3010H-L WX3024H WX3024H-L WX3024H-F	EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F	Yes: · WX3010H · WX3010H-X · WX3024H · WX3024H-F No: · WX3010H-L · WX3024H-L
WX3500H series	WX3508H WX3510H WX3520H WX3520H-F WX3540H	EWP-WX3508H EWP-WX3510H EWP-WX3520H EWP-WX3520H-F EWP-WX3540H	Yes
WX5500E series	WX5510E WX5540E	EWP-WX5510E EWP-WX5540E	Yes
WX5500H series	WX5540H WX5560H WX5580H	EWP-WX5540H EWP-WX5560H EWP-WX5580H	Yes
Access controller modules	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	Yes

‌

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL	Yes
WX3800H series	WX3820H WX3840H	EWP-WX3820H-GL EWP-WX3840H-GL	No
WX5800H series	WX5860H	EWP-WX5860H-GL	No

‌

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display APR signature library information.

<Sysname> display apr signature information

APR signature library information:

Type SigVersion ReleaseTime Size

Current 1.0.49 Tue Sep 13 06:54:01 2016 659744

Last 1.0.52 Wed Nov 02 07:14:03 2016 702640

Factory 1.0.0 Fri Dec 31 16:00:00 1999 77040

Table 5 Command output

Field	Description
Type	Version type of the APR signature library: · Current. · Last. · Factory.
SigVersion	Version of the APR signature library.
ReleaseTime	Release time of the APR signature library.
Size	Size of the APR signature library, in bytes.

display port-mapping pre-defined

Use display port-mapping pre-defined to display information about the predefined port-mappings.

Syntax

display port-mapping pre-defined

The following compatibility matrixes show the support of hardware platforms for this command:

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H	EWP-WX1804H-PWR-CN	Yes
WX2500H series	WX2508H-PWR-LTE WX2510H WX2510H-F WX2540H WX2540H-F WX2560H	EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H	Yes
WX3000H series	WX3010H WX3010H-X WX3010H-L WX3024H WX3024H-L WX3024H-F	EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F	Yes: · WX3010H-L · WX3024H-L No: · WX3010H · WX3010H-X · WX3024H · WX3024H-F
WX3500H series	WX3508H WX3510H WX3520H WX3520H-F WX3540H	EWP-WX3508H EWP-WX3510H EWP-WX3520H EWP-WX3520H-F EWP-WX3540H	No
WX5500E series	WX5510E WX5540E	EWP-WX5510E EWP-WX5540E	No
WX5500H series	WX5540H WX5560H WX5580H	EWP-WX5540H EWP-WX5560H EWP-WX5580H	No
Access controller modules	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	No

‌

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL	No
WX3800H series	WX3820H WX3840H	EWP-WX3820H-GL EWP-WX3840H-GL	No
WX5800H series	WX5860H	EWP-WX5860H-GL	No

‌

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display information about all predefined port mappings.

<Sysname> display port-mapping pre-defined

Application Protocol Port

afs3-kaserver TCP 7004

UDP 7004

aol TCP 5190, 5191, 5192, 5193

UDP 5190, 5191, 5192, 5193

appleqtc TCP 458

UDP 458

bgp TCP 179

UDP 179

Table 6 Command output

Field	Description
Application	Application protocol using the port mapping.
Protocol	Transport layer protocol.
Port	Port number of the application protocol.

Related commands

display port-mapping

port-mapping

display port-mapping user-defined

Use display port-mapping user-defined to display information about the user-defined port mappings.

Syntax

display port-mapping user-defined [ application application-name | port port-number ]

The following compatibility matrixes show the support of hardware platforms for this command:

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H	EWP-WX1804H-PWR-CN	Yes
WX2500H series	WX2508H-PWR-LTE WX2510H WX2510H-F WX2540H WX2540H-F WX2560H	EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H	Yes
WX3000H series	WX3010H WX3010H-X WX3010H-L WX3024H WX3024H-L WX3024H-F	EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F	Yes: · WX3010H-L · WX3024H-L No: · WX3010H · WX3010H-X · WX3024H · WX3024H-F
WX3500H series	WX3508H WX3510H WX3520H WX3520H-F WX3540H	EWP-WX3508H EWP-WX3510H EWP-WX3520H EWP-WX3520H-F EWP-WX3540H	No
WX5500E series	WX5510E WX5540E	EWP-WX5510E EWP-WX5540E	No
WX5500H series	WX5540H WX5560H WX5580H	EWP-WX5540H EWP-WX5560H EWP-WX5580H	No
Access controller modules	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	No

‌

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL	No
WX3800H series	WX3820H WX3840H	EWP-WX3820H-GL EWP-WX3840H-GL	No
WX5800H series	WX5860H	EWP-WX5860H-GL	No

‌

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

application application-name: Specifies an application protocol by its name, a case-insensitive string of 1 to 63 characters. The names invalid and other are not allowed.

port port-number: Specifies a port by its number, in the range of 0 to 65535.

Usage guidelines

If you do not specify an application protocol or a port number, this command displays all user-defined port mappings on the device.

Examples

# Display all user-defined port mappings on the device.

<Sysname> display port-mapping user-defined

Application Port Protocol Match Type Match Condition

-------------------------------------------------------------

FTP 21 TCP --- ---

FTP 21 UDP IPv4 host 10.10.10.1

FTP 2121 UDP IPv4 host [11.10.10.1, 11.10.10.10]

FTP 21 UDP IPv4 subnet 10.10.10.1/24

FTP 21 SCTP IPv6 host 2000:fdb8::1:00ab:853c:39ab

HTTP 899 TCP IPv4 ACL 2002

HTTP 999 SCTP IPv6 ACL 2002

Table 7 Command output

Field	Description
Application	Application protocol using port mapping.
Port	Port number to which the application protocol is mapped.
Protocol	Transport layer protocol.
Match Type	Match types: · ---—No match types or match conditions are specified, and all packets that have the specified port are recognized as the packets of the specified application protocol. · IPv4 host—A match based on the destination IPv4 addresses of the packet. · IPv6 host—A match based on the destination IPv6 addresses of the packet. · IPv4 subnet—A match based on the destination IPv4 subnet of the packet. · IPv6 subnet—A match based on the destination IPv6 subnet of the packet. · IPv4 ACL—A match based on the IPv4 ACL. · IPv6 ACL—A match based on the IPv6 ACL.
Match Condition	Match conditions: · For the match type of IPv4 host or IPv6 host, the destination IP addresses of the packets are displayed. · For the match type of IPv4 subnet or IPv6 subnet, the destination subnet addresses of the packets are displayed. · For the match type of IPv4 ACL or IPv6 ACL, the correct ACL number is displayed.

include application

Use include application to add application protocols to an application group.

Use undo include application to remove application protocols from an application group.

Syntax

include application application-name

undo include application application-name

The following compatibility matrixes show the support of hardware platforms for this command:

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H	EWP-WX1804H-PWR-CN	Yes
WX2500H series	WX2508H-PWR-LTE WX2510H WX2510H-F WX2540H WX2540H-F WX2560H	EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H	Yes
WX3000H series	WX3010H WX3010H-X WX3010H-L WX3024H WX3024H-L WX3024H-F	EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F	Yes: · WX3010H-L · WX3024H-L No: · WX3010H · WX3010H-X · WX3024H · WX3024H-F
WX3500H series	WX3508H WX3510H WX3520H WX3520H-F WX3540H	EWP-WX3508H EWP-WX3510H EWP-WX3520H EWP-WX3520H-F EWP-WX3540H	No
WX5500E series	WX5510E WX5540E	EWP-WX5510E EWP-WX5540E	No
WX5500H series	WX5540H WX5560H WX5580H	EWP-WX5540H EWP-WX5560H EWP-WX5580H	No
Access controller modules	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	No

‌

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL	No
WX3800H series	WX3820H WX3840H	EWP-WX3820H-GL EWP-WX3840H-GL	No
WX5800H series	WX5860H	EWP-WX5860H-GL	No

‌

Default

No application protocols exist in an application group.

Views

Application group view

Predefined user roles

network-admin

Parameters

application-name: Specifies an application protocol by its name, a case-insensitive string of 1 to 63 characters. The names invalid and other are not allowed.

Usage guidelines

Execute this command multiple times to add multiple predefined or user-defined application protocols to an application group. The number of application protocols in an application group is not limited.

If you add a nonexistent application protocol to the application group, the system first creates the protocol before adding it to the application group. Whether the device can recognize the packets of this protocol depends on your configuration.

Examples

# Add HTTP and FTP to group abc.

<Sysname> system-view

[Sysname] app-group abc

[Sysname-app-group-abc] include application http

[Sysname-app-group-abc] include application ftp

Related commands

app-group

copy app-group

nbar application

Use nbar application to create a user-defined NBAR rule and enter its view, or enter the view of an existing NBAR rule.

Use undo nbar application to delete a user-defined NBAR rule.

Syntax

nbar application application-name protocol { http | tcp | udp }

undo nbar application application-name

The following compatibility matrixes show the support of hardware platforms for this command:

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H	EWP-WX1804H-PWR-CN	Yes
WX2500H series	WX2508H-PWR-LTE WX2510H WX2510H-F WX2540H WX2540H-F WX2560H	EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H	Yes
WX3000H series	WX3010H WX3010H-X WX3010H-L WX3024H WX3024H-L WX3024H-F	EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F	Yes: · WX3010H · WX3010H-X · WX3024H · WX3024H-F No: · WX3010H-L · WX3024H-L
WX3500H series	WX3508H WX3510H WX3520H WX3520H-F WX3540H	EWP-WX3508H EWP-WX3510H EWP-WX3520H EWP-WX3520H-F EWP-WX3540H	Yes
WX5500E series	WX5510E WX5540E	EWP-WX5510E EWP-WX5540E	Yes
WX5500H series	WX5540H WX5560H WX5580H	EWP-WX5540H EWP-WX5560H EWP-WX5580H	Yes
Access controller modules	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	Yes

‌

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL	Yes
WX3800H series	WX3820H WX3840H	EWP-WX3820H-GL EWP-WX3840H-GL	No
WX5800H series	WX5860H	EWP-WX5860H-GL	No

‌

Default

No user-defined NBAR rules exist.

Views

System view

Predefined user roles

network-admin

Parameters

application-name: Specifies an application protocol by its name, a case-insensitive string of 1 to 63 characters. The following names are not allowed:

· invalid.

· other.

· Names of predefined application protocols.

http: Specifies HTTP packets to which the NBAR rule is applied.

tcp: Specifies TCP packets to which the NBAR rule is applied.

udp: Specifies UDP packets to which the NBAR rule is applied.

Usage guidelines

By default, predefined NBAR rules exist, and these NBAR rules cannot be deleted or modified. If the predefined NBAR rules cannot meet the user needs, use this command to create user-defined NBAR rules.

Examples

# Create a user-defined NBAR rule named abc and apply the rule to HTTP packets.

<Sysname> system-view

[Sysname] nbar application abcd protocol http

[Sysname-nbar-application-abcd]

override-current

Use override-current to overwrite the current signature file for an update operation if the APR signature library is automatically updated at a regular basis.

Use undo port-mapping to restore the default.

Syntax

override-current

undo override-current

The following compatibility matrixes show the support of hardware platforms for this command:

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H	EWP-WX1804H-PWR-CN	Yes
WX2500H series	WX2508H-PWR-LTE WX2510H WX2510H-F WX2540H WX2540H-F WX2560H	EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H	Yes
WX3000H series	WX3010H WX3010H-X WX3010H-L WX3024H WX3024H-L WX3024H-F	EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F	Yes: · WX3010H · WX3010H-X · WX3024H · WX3024H-F No: · WX3010H-L · WX3024H-L
WX3500H series	WX3508H WX3510H WX3520H WX3520H-F WX3540H	EWP-WX3508H EWP-WX3510H EWP-WX3520H EWP-WX3520H-F EWP-WX3540H	Yes
WX5500E series	WX5510E WX5540E	EWP-WX5510E EWP-WX5540E	Yes
WX5500H series	WX5540H WX5560H WX5580H	EWP-WX5540H EWP-WX5560H EWP-WX5580H	Yes
Access controller modules	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	Yes

‌

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL	Yes
WX3800H series	WX3820H WX3840H	EWP-WX3820H-GL EWP-WX3840H-GL	No
WX5800H series	WX5860H	EWP-WX5860H-GL	No

‌

Default

If the APR signature library is automatically updated at a regular basis, the current APR signature file is not overwritten for an update operation. Instead, the device will back up the current APR signature file.

Views

Auto-update configuration view

Predefined user roles

network-admin

Usage guidelines

Use this command only if the device memory is insufficient.

This command disables the APR signature library from being rolled back to the last version. Do not use this command if the device memory is sufficient.

Examples

# Overwrite the current APR signature file for a regular online auto-update operation.

<Sysname> system-view

[Sysname] apr signature auto-update

[Sysname-apr-autoupdate] override-current

Related commands

apr signatures auto-update

port-mapping

Use port-mapping to configure a general port mapping.

Use undo port-mapping to remove a general port mapping.

Syntax

port-mapping application application-name port port-number [ protocol protocol-name ]

undo port-mapping application application-name port port-number [ protocol protocol-name ]

The following compatibility matrixes show the support of hardware platforms for this command:

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H	EWP-WX1804H-PWR-CN	Yes
WX2500H series	WX2508H-PWR-LTE WX2510H WX2510H-F WX2540H WX2540H-F WX2560H	EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H	Yes
WX3000H series	WX3010H WX3010H-X WX3010H-L WX3024H WX3024H-L WX3024H-F	EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F	Yes: · WX3010H-L · WX3024H-L No: · WX3010H · WX3010H-X · WX3024H · WX3024H-F
WX3500H series	WX3508H WX3510H WX3520H WX3520H-F WX3540H	EWP-WX3508H EWP-WX3510H EWP-WX3520H EWP-WX3520H-F EWP-WX3540H	No
WX5500E series	WX5510E WX5540E	EWP-WX5510E EWP-WX5540E	No
WX5500H series	WX5540H WX5560H WX5580H	EWP-WX5540H EWP-WX5560H EWP-WX5580H	No
Access controller modules	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	No

‌

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL	No
WX3800H series	WX3820H WX3840H	EWP-WX3820H-GL EWP-WX3840H-GL	No
WX5800H series	WX5860H	EWP-WX5860H-GL	No

‌

Default

An application protocol is mapped to a well-known port.

Views

System view

Predefined user roles

network-admin

Parameters

application application-name: Specifies an application protocol by its name, a case-insensitive string of 1 to 63 characters. The names invalid and other are not allowed.

port port-number: Specifies a port by its number, in the range of 0 to 65535.

protocol protocol-name: Specifies a transport layer protocol by its name, including:

· dccp: Specifies DCCP.

· sctp: Specifies SCTP.

· tcp: Specifies TCP.

· udp: Specifies UDP.

· udp-lite: Specifies UDP-Lite.

Usage guidelines

If no transport layer protocol is specified, packets that meet the following conditions are recognized as the specified application protocol's packets:

· Packets are encapsulated by any transport layer protocol.

· Packets have the specified port.

If the destination port of a packet matches a general port mapping, APR recognizes the packet as the specified application protocol's packet.

A mapping with the transport layer protocol specified has a higher priority than one without it.

If two port mappings are configured with the same port number and transport layer protocol, but with different application protocols, the most recent configuration takes effect.

To change the port number mapped to an application protocol, perform the following tasks:

1. Use the undo port-mapping application command to remove the existing general port mapping.

2. Use the port-mapping application command to specify a different port number for the application protocol.

Examples

# Create a general port mapping of port 3456 to FTP.

<Sysname> system-view

[Sysname] port-mapping application ftp port 3456

Related commands

display port-mapping user-defined

port-mapping acl

Use port-mapping acl to configure an ACL-based host-port mapping.

Use undo port-mapping acl to remove an ACL-based host-port mapping.

Syntax

port-mapping application application-name port port-number [ protocol protocol-name ] acl [ ipv6 ] acl-number

undo port-mapping application application-name port port-number [ protocol protocol-name ] acl [ ipv6 ] acl-number

The following compatibility matrixes show the support of hardware platforms for this command:

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H	EWP-WX1804H-PWR-CN	Yes
WX2500H series	WX2508H-PWR-LTE WX2510H WX2510H-F WX2540H WX2540H-F WX2560H	EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H	Yes
WX3000H series	WX3010H WX3010H-X WX3010H-L WX3024H WX3024H-L WX3024H-F	EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F	Yes: · WX3010H-L · WX3024H-L No: · WX3010H · WX3010H-X · WX3024H · WX3024H-F
WX3500H series	WX3508H WX3510H WX3520H WX3520H-F WX3540H	EWP-WX3508H EWP-WX3510H EWP-WX3520H EWP-WX3520H-F EWP-WX3540H	No
WX5500E series	WX5510E WX5540E	EWP-WX5510E EWP-WX5540E	No
WX5500H series	WX5540H WX5560H WX5580H	EWP-WX5540H EWP-WX5560H EWP-WX5580H	No
Access controller modules	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	No

‌

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL	No
WX3800H series	WX3820H WX3840H	EWP-WX3820H-GL EWP-WX3840H-GL	No
WX5800H series	WX5860H	EWP-WX5860H-GL	No

‌

Default

An application protocol is mapped to a well-known port.

Views

System view

Predefined user roles

network-admin

Parameters

application application-name: Specifies an application protocol by its name, a case-insensitive string of 1 to 63 characters. The names invalid and other are not allowed.

port port-number: Specifies a port by its number in the range of 0 to 65535.

protocol protocol-name: Specifies a transport layer protocol by its name, including:

· dccp: Specifies DCCP.

· sctp: Specifies SCTP.

· tcp: Specifies TCP.

· udp: Specifies UDP.

· udp-lite: Specifies UDP-Lite.

acl [ ipv6 ] acl-number: Specifies the number of an ACL, in the range of 2000 to 2999. To specify an IPv6 ACL, include the ipv6 keyword. To specify an IPv4 ACL, do not include the ipv6 keyword. The ACL will not count traffic that matches this ACL-based host-port mapping even if match counting is enabled for the ACL.

Usage guidelines

APR uses ACL-based host-port mappings to recognize packets. A packet is recognized as an application protocol packet when it matches all the following conditions in a mapping:

· The packet's destination IP address matches the specified source IP address defined in the ACL.

· The packet's destination port matches the specified port in the mapping.

· The transport layer protocol that encapsulates the packet matches the specified transport layer protocol if you specify a transport layer protocol in the mapping.

If two port mappings are configured with the same port number, transport layer protocol, and ACL, but with different application protocols, the most recent configuration takes effect.

A mapping with the transport layer protocol specified has a higher priority than one without it.

Examples

# Create a port mapping of port 3456 to FTP for the packets matching ACL 2000.

<Sysname> system-view

[Sysname] port-mapping application ftp port 3456 acl 2000

Related commands

display port-mapping user-defined

port-mapping host

Use port-mapping host to configure an IP address-based host-port mapping.

Use undo port-mapping host to remove an IP address-based host-port mapping.

Syntax

port-mapping application application-name port port-number [ protocol protocol-name ] host { ip | ipv6 } start-ip-address [ end-ip-address ]

undo port-mapping application application-name port port-number [ protocol protocol-name ] host { ip | ipv6 } start-ip-address [ end-ip-address ]

The following compatibility matrixes show the support of hardware platforms for this command:

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H	EWP-WX1804H-PWR-CN	Yes
WX2500H series	WX2508H-PWR-LTE WX2510H WX2510H-F WX2540H WX2540H-F WX2560H	EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H	Yes
WX3000H series	WX3010H WX3010H-X WX3010H-L WX3024H WX3024H-L WX3024H-F	EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F	Yes: · WX3010H-L · WX3024H-L No: · WX3010H · WX3010H-X · WX3024H · WX3024H-F
WX3500H series	WX3508H WX3510H WX3520H WX3520H-F WX3540H	EWP-WX3508H EWP-WX3510H EWP-WX3520H EWP-WX3520H-F EWP-WX3540H	No
WX5500E series	WX5510E WX5540E	EWP-WX5510E EWP-WX5540E	No
WX5500H series	WX5540H WX5560H WX5580H	EWP-WX5540H EWP-WX5560H EWP-WX5580H	No
Access controller modules	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	No

‌

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL	No
WX3800H series	WX3820H WX3840H	EWP-WX3820H-GL EWP-WX3840H-GL	No
WX5800H series	WX5860H	EWP-WX5860H-GL	No

‌

Default

An application protocol is mapped to a well-known port.

Views

System view

Predefined user roles

network-admin

Parameters

application application-name: Specifies an application protocol by its name, a case-insensitive string of 1 to 63 characters. The names invalid and other are not allowed.

port port-number: Specifies a port by its number, in the range of 0 to 65535.

protocol protocol-name: Specifies a transport layer protocol by its name, including:

· dccp: Specifies DCCP.

· sctp: Specifies SCTP.

· tcp: Specifies TCP.

· udp: Specifies UDP.

· udp-lite: Specifies UDP-Lite.

ip: Specifies IPv4 addresses.

ipv6: Specifies IPv6 addresses.

start-ip-address [ end-ip-address ]: Specifies a range of IPv4 or IPv6 addresses. The start-ip-address argument represents the start IP address, and the end-ip-address argument represents the end IP address. To specify only one IP address, provide only the start IP address. To specify a range of IP addresses, provide both the start and end IP addresses, and make sure the end IP address is higher than the start IP address.

Usage guidelines

APR uses IP address-based host-port mappings to recognize packets. A packet is recognized as an application protocol packet when it matches all the following conditions in a mapping:

· The packet is destined for the specified IP address or IP subnet in the mapping.

· The packet's destination port matches the specified port in the mapping.

· The transport layer protocol that encapsulates the packet matches the specified transport layer protocol if you specify a transport layer protocol in the mapping.

No overlapping of IP addresses is tolerable for the host-port mappings configured with the same application protocol, port number, and transport layer protocol.

If two port mappings are configured with the same port number, transport layer protocol, and IP address or IP address ranges, but with different application protocols, the most recent configuration takes effect.

A mapping with the transport layer protocol specified has a higher priority than one without it.

Examples

# Create a mapping of port 3456 to FTP for the IPv4 packets sent to the host at 1.1.1.1 to 1.1.1.10.

<Sysname> system-view

[Sysname] port-mapping application ftp port 3456 host ip 1.1.1.1 1.1.1.10

# Create a mapping of port 3456 to FTP for the IPv6 packets sent to 1::1.

<Sysname> system-view

[Sysname] port-mapping application ftp port 3456 host ipv6 1::1

Related commands

display port-mapping user-defined

port-mapping subnet

Use port-mapping subnet to configure a subnet-based host-port mapping.

Use undo port-mapping subnet to remove a subnet-based host-port mapping.

Syntax

port-mapping application application-name port port-number [ protocol protocol-name ] subnet { ip ipv4-address { mask-length | mask } | ipv6 ipv6-address prefix-length }

undo port-mapping application application-name port port-number [ protocol protocol-name ] subnet { ip ipv4-address { mask-length | mask } | ipv6 ipv6-address prefix-length }

The following compatibility matrixes show the support of hardware platforms for this command:

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H	EWP-WX1804H-PWR-CN	Yes
WX2500H series	WX2508H-PWR-LTE WX2510H WX2510H-F WX2540H WX2540H-F WX2560H	EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H	Yes
WX3000H series	WX3010H WX3010H-X WX3010H-L WX3024H WX3024H-L WX3024H-F	EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F	Yes: · WX3010H-L · WX3024H-L No: · WX3010H · WX3010H-X · WX3024H · WX3024H-F
WX3500H series	WX3508H WX3510H WX3520H WX3520H-F WX3540H	EWP-WX3508H EWP-WX3510H EWP-WX3520H EWP-WX3520H-F EWP-WX3540H	No
WX5500E series	WX5510E WX5540E	EWP-WX5510E EWP-WX5540E	No
WX5500H series	WX5540H WX5560H WX5580H	EWP-WX5540H EWP-WX5560H EWP-WX5580H	No
Access controller modules	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	No

‌

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL	No
WX3800H series	WX3820H WX3840H	EWP-WX3820H-GL EWP-WX3840H-GL	No
WX5800H series	WX5860H	EWP-WX5860H-GL	No

‌

Default

An application protocol is mapped to a well-known port.

Views

System view

Predefined user roles

network-admin

Parameters

application application-name: Specifies an application protocol by its name, a case-insensitive string of 1 to 63 characters. The names invalid and other are not allowed.

port port-number: Specifies a port by its number, in the range of 0 to 65535.

protocol protocol-name: Specifies a transport layer protocol by its name, including:

· dccp: Specifies DCCP.

· sctp: Specifies SCTP.

· tcp: Specifies TCP.

· udp: Specifies UDP.

· udp-lite: Specifies UDP-Lite.

ip ipv4-address { mask-length | mask }: Specifies an IPv4 subnet.

· The ipv4-address argument specifies the IPv4 network address.

· The mask-length argument specifies the mask length of the IPv4 subnet, in the range of 1 to 32.

· The mask argument specifies the subnet mask in dotted decimal notation.

ipv6 ipv6-address prefix-length: Specifies an IPv6 subnet. The ipv6-address argument specifies the IPv6 network address, and the prefix-length argument specifies the length of the IPv6 prefix, in the range of 1 to 128.

Usage guidelines

APR uses subnet-based host-port mappings to recognize packets. A packet is recognized as an application protocol packet when it matches all the following conditions in a mapping:

· The packet is destined for the specified IP subnet in the mapping.

· The packet's destination port matches the specified port in the mapping.

· The transport layer protocol that encapsulates the packet matches the specified transport layer protocol if you specify a transport layer protocol in the mapping.

If multiple subnet-based mappings are applied to packets and these subnets overlap, APR matches the packets destined for the overlapped segment with the port mapping of the subnet that has the smallest range.

If two port mappings are configured with the same port number, transport layer protocol, and subnet, but with different application protocols, the most recent configuration takes effect.

A mapping with the transport layer protocol specified has a higher priority than one without it.

Examples

# Create a mapping of port 3456 to FTP for the packets sent to the IPv4 hosts on subnet 1.1.1.0/24.

<Sysname> system-view

[Sysname] port-mapping application ftp port 3456 subnet ip 1.1.1.0 24

# Create a mapping of port 3456 to FTP for the packets sent to the IPv6 hosts on subnet 1:: /120.

<Sysname> system-view

[Sysname] port-mapping application ftp port 3456 subnet ipv6 1:: 120

Related commands

display port-mapping user-defined

reset application statistics

Use reset application statistics to clear application statistics for interfaces.

Syntax

reset application statistics [ interface interface-type interface-number ]

The following compatibility matrixes show the support of hardware platforms for this command:

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H	EWP-WX1804H-PWR-CN	Yes
WX2500H series	WX2508H-PWR-LTE WX2510H WX2510H-F WX2540H WX2540H-F WX2560H	EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H	Yes
WX3000H series	WX3010H WX3010H-X WX3010H-L WX3024H WX3024H-L WX3024H-F	EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F	Yes: · WX3010H-L · WX3024H-L No: · WX3010H · WX3010H-X · WX3024H · WX3024H-F
WX3500H series	WX3508H WX3510H WX3520H WX3520H-F WX3540H	EWP-WX3508H EWP-WX3510H EWP-WX3520H EWP-WX3520H-F EWP-WX3540H	No
WX5500E series	WX5510E WX5540E	EWP-WX5510E EWP-WX5540E	No
WX5500H series	WX5540H WX5560H WX5580H	EWP-WX5540H EWP-WX5560H EWP-WX5580H	No
Access controller modules	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	No

‌

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL	No
WX3800H series	WX3820H WX3840H	EWP-WX3820H-GL EWP-WX3840H-GL	No
WX5800H series	WX5860H	EWP-WX5860H-GL	No

‌

Views

User view

Predefined user roles

network-admin

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command clears application statistics for all interfaces.

Examples

# Clear application statistics for GigabitEthernet 1/0/1.

<Sysname> reset application statistics interface gigabitethernet 1/0/1

# Clear application statistics for all interfaces.

<Sysname> reset application statistics

Related commands

application statistics enable

display application statistics

service-port

Use service-port to specify a port number or a port range as a match criterion in a user-defined NBAR rule.

Use undo service-port to restore the default.

Syntax

service-port { port-num | range start-port end-port }

undo service-port

The following compatibility matrixes show the support of hardware platforms for this command:

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H	EWP-WX1804H-PWR-CN	Yes
WX2500H series	WX2508H-PWR-LTE WX2510H WX2510H-F WX2540H WX2540H-F WX2560H	EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H	Yes
WX3000H series	WX3010H WX3010H-X WX3010H-L WX3024H WX3024H-L WX3024H-F	EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F	Yes: · WX3010H · WX3010H-X · WX3024H · WX3024H-F No: · WX3010H-L · WX3024H-L
WX3500H series	WX3508H WX3510H WX3520H WX3520H-F WX3540H	EWP-WX3508H EWP-WX3510H EWP-WX3520H EWP-WX3520H-F EWP-WX3540H	Yes
WX5500E series	WX5510E WX5540E	EWP-WX5510E EWP-WX5540E	Yes
WX5500H series	WX5540H WX5560H WX5580H	EWP-WX5540H EWP-WX5560H EWP-WX5580H	Yes
Access controller modules	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	Yes

‌

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL	Yes
WX3800H series	WX3820H WX3840H	EWP-WX3820H-GL EWP-WX3840H-GL	No
WX5800H series	WX5860H	EWP-WX5860H-GL	No

‌

Default

A user-defined NBAR rule matches packets of all port numbers.

Views

NBAR rule view

Predefined user roles

network-admin

Parameters

port-num: Specifies the port number in the range of 0 to 65535.

range: Specifies a port range.

start-port: Specifies the start port number for the port range, in the range of 0 to 65535.

end-port: Specifies the end port number for the port range, in the range of 0 to 65535. The end port number cannot be smaller than the start port number.

Usage guidelines

The specified port number or port range is used to match the packets' destination ports first. If no match is found for a packet, the device continues to match its source port. A packet is determined as a matching packet as long as one of the ports is matched.

If you execute this command multiple times for the same NBAR rule, the most recent configuration takes effect.

Examples

# Configure user-defined NBAR rule abcd to match packets with port numbers 2001 through 2004.

<Sysname> system-view

[Sysname] nbar application abcd protocol http

[Sysname-nbar-application-abcd] service-port range 2001 2004

Related commands

direction

signature

Use signature to configure a signature for a user-defined NBAR rule.

Use undo signature to cancel the signature configuration.

Syntax

signature [ signature-id ] [ field field-name ] [ offset offset-value ] { hex hex-vector | regex regex-pattern | string string }

undo signature signature-id

The following compatibility matrixes show the support of hardware platforms for this command:

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H	EWP-WX1804H-PWR-CN	Yes
WX2500H series	WX2508H-PWR-LTE WX2510H WX2510H-F WX2540H WX2540H-F WX2560H	EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H	Yes
WX3000H series	WX3010H WX3010H-X WX3010H-L WX3024H WX3024H-L WX3024H-F	EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F	Yes: · WX3010H · WX3010H-X · WX3024H · WX3024H-F No: · WX3010H-L · WX3024H-L
WX3500H series	WX3508H WX3510H WX3520H WX3520H-F WX3540H	EWP-WX3508H EWP-WX3510H EWP-WX3520H EWP-WX3520H-F EWP-WX3540H	Yes
WX5500E series	WX5510E WX5540E	EWP-WX5510E EWP-WX5540E	Yes
WX5500H series	WX5540H WX5560H WX5580H	EWP-WX5540H EWP-WX5560H EWP-WX5580H	Yes
Access controller modules	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	Yes

‌

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL	Yes
WX3800H series	WX3820H WX3840H	EWP-WX3820H-GL EWP-WX3840H-GL	No
WX5800H series	WX5860H	EWP-WX5860H-GL	No

‌

Default

No signatures are configured for a user-defined NBAR rule.

Views

NBAR rule view

Predefined user roles

network-admin

Parameters

signature-id: Specifies the signature ID in the range of 1 to 65535. If you do not specify this argument when creating a signature, the system automatically assigns the signature a signature ID and records the signature ID. The increment of automatically assigned signature IDs is 5. A new signature ID is the nearest unassigned multiple of the increment to the latest automatically assigned signature ID. For example, if the system automatically assigns ID 5 to a signature, the next signature ID to be assigned automatically will be 10. If signature ID 10 has been assigned manually to a signature, the next signature ID to be assigned automatically will be 15.

field field-name: Specifies a protocol field by its name. The specified protocol field must be predefined. This option is available for configuration only if the NBAR rule is applied to HTTP packets. If you do not specify this option, the configured signature takes effect on all fields in HTTP packets.

offset offset-value: Specifies the offset from the beginning of the data field, in bytes. The value range for the offset-value argument is 0 to 65535. A packet matches the signature after the offset. If you do not specify this option, a packet matches the signature from the beginning. If you also specify the field field-name option, the offset begins from the protocol field.

hex hex-vector: Specifies a hexadecimal vector as the match pattern. The hex-vector argument is a string of 6 to 254 characters. The argument must start and end with a vertical bar (|).

regex regex-pattern: S pecifies a regular expression as the match pattern. The regex-pattern argument is a case-sensitive string of 3 to 253 characters, and it must meet the following requirements:

· Nested braces are not allowed. For example, ab((abcs*?)) is invalid.

· A branch cannot be specified after another branch. For example, ab(a|b)(c|d)^\\r\\n]+? is invalid.

· A minimum of four non-wildcard characters must exist before an asterisk (*) or question mark (?). For example, abc* is invalid and abcd*DoS\x2d\d{5}\x20\x2bxi\\r\\nJOIN is valid.

string string: Specifies a string as the match pattern. The string argument is a case-sensitive string of 3 to 256 characters.

Usage guidelines

You can repeat this command to configure multiple signatures of different match patterns in a user-defined NBAR rule. If the signatures have different signature IDs, all signatures take effect. The logical relation of these signatures is OR, which indicates that a packet that matches any signature matches the NBAR rule. If the signatures have the same signature ID, the most recent configuration takes effect.

Examples

# Configure user-defined NBAR rule abcd to match packets with signature 1 which defines match string abcdegf.

<Sysname> system-view

[Sysname] nbar application abcd protocol http

[Sysname-nbar-application-abcd] signature 1 string abcdefg

# Configure user-defined NBAR rule ddd to match packets with signature 2 which defines hexadecimal vector 123456.

<Sysname> system-view

[Sysname] nbar application ddd protocol http

[Sysname-nbar-application-ddd] signature 2 hex |123456|

Related commands

nbar application

source

Use source to specify a source IP address or subnet as a match criterion in a user-defined NBAR rule.

Use undo source to restore the default.

Syntax

source { ip ipv4-address [ mask-length ] | ipv6 ipv6-address [ prefix-length ] }

undo source

The following compatibility matrixes show the support of hardware platforms for this command:

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H	EWP-WX1804H-PWR-CN	Yes
WX2500H series	WX2508H-PWR-LTE WX2510H WX2510H-F WX2540H WX2540H-F WX2560H	EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H	Yes
WX3000H series	WX3010H WX3010H-X WX3010H-L WX3024H WX3024H-L WX3024H-F	EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F	Yes: · WX3010H · WX3010H-X · WX3024H · WX3024H-F No: · WX3010H-L · WX3024H-L
WX3500H series	WX3508H WX3510H WX3520H WX3520H-F WX3540H	EWP-WX3508H EWP-WX3510H EWP-WX3520H EWP-WX3520H-F EWP-WX3540H	Yes
WX5500E series	WX5510E WX5540E	EWP-WX5510E EWP-WX5540E	Yes
WX5500H series	WX5540H WX5560H WX5580H	EWP-WX5540H EWP-WX5560H EWP-WX5580H	Yes
Access controller modules	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	Yes

‌

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL	Yes
WX3800H series	WX3820H WX3840H	EWP-WX3820H-GL EWP-WX3840H-GL	No
WX5800H series	WX5860H	EWP-WX5860H-GL	No

‌

Default

A user-defined NBAR rule matches packets sourced from all IP addresses.

Views

NBAR rule view

Predefined user roles

network-admin

Parameters

ip ipv4-address: Specifies a source IPv4 address or IPv4 subnet, in dotted decimal notation.

mask-length: Specifies the mask length for IPv4 addresses, in the range of 0 to 32.

ipv6 ipv6-address: Specifies a source IPv6 address or IPv6 subnet.

prefix-length: Specifies the prefix length for IPv6 addresses, in the range of 0 to 128.

Usage guidelines

If you execute this command multiple times for the same NBAR rule, the most recent configuration takes effect.

The ipv6 ipv6-address option is not supported in the current software version. If you specify this option, the command does not take effect.

Examples

# Configure user-defined NBAR rule abcd to match packets sourced from IPv4 subnet 192.168.2.0/24.

<Sysname> system-view

[Sysname] nbar application abcd protocol http

[Sysname-nbar-application-abcd] source ip 192.168.2.0 24

Related commands

nbar application

update schedule

Use update schedule to set the update schedule for automatic update, including the update interval and update time.

Use undo update schedule to restore the default.

Syntax

update schedule { daily | weekly { fri | mon | sat | sun | thu | tue | wed } } start-time time tingle minutes

undo update schedule

The following compatibility matrixes show the support of hardware platforms for this command:

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H	EWP-WX1804H-PWR-CN	Yes
WX2500H series	WX2508H-PWR-LTE WX2510H WX2510H-F WX2540H WX2540H-F WX2560H	EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H	Yes
WX3000H series	WX3010H WX3010H-X WX3010H-L WX3024H WX3024H-L WX3024H-F	EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F	Yes: · WX3010H · WX3010H-X · WX3024H · WX3024H-F No: · WX3010H-L · WX3024H-L
WX3500H series	WX3508H WX3510H WX3520H WX3520H-F WX3540H	EWP-WX3508H EWP-WX3510H EWP-WX3520H EWP-WX3520H-F EWP-WX3540H	Yes
WX5500E series	WX5510E WX5540E	EWP-WX5510E EWP-WX5540E	Yes
WX5500H series	WX5540H WX5560H WX5580H	EWP-WX5540H EWP-WX5560H EWP-WX5580H	Yes
Access controller modules	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F	Yes

‌

Hardware series	Model	Product code	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL	Yes
WX3800H series	WX3820H WX3840H	EWP-WX3820H-GL EWP-WX3840H-GL	No
WX5800H series	WX5860H	EWP-WX5860H-GL	No

‌

Default

The device automatically updates the APR signature library between 02:01:00 to 04:01:00 every day.

Views

Auto-update configuration view

Predefined user roles

network-admin

Parameters

daily: Specifies the daily update interval.

weekly: Specifies the weekly update interval. You can specify one day in a week for the update:

· fri: Specifies Friday.

· mon: Specifies Monday.

· sat: Specifies Saturday.

· sun: Specifies Sunday.

· thu: Specifies Thursday.

· tue: Specifies Tuesday.

· wed: Specifies Wednesday.

start-time time: Specifies the start time for the update, in the format of hh:mm:ss. The value range for the time argument is 00:00:00 to 23:59:59.

tingle minutes: Specifies the tolerance time in minutes. The value range for the minutes argument is 0 to 120 minutes. An automatic update will occur at a time point between the following time points:

· Start time minus half of the tolerance time.

· Start time plus half of the tolerance time.

For example, if the specified start time is 01:00:00 and the tolerance time is 60 minutes, the update starts during the period from 00:30:00 to 01:30:00.

Examples

# Configure the device to automatically update the APR signature library at 23:10:00 every Monday with a tolerance time of 10 minutes.

<Sysname> system-view

[Sysname] apr signature auto-update

[Sysname-apr-autoupdate] update schedule weekly mon start-time 23:10:00 tingle 10

Related commands

apr signature auto-update

16-Security Command Reference

display port-mapping pre-defined

port-mapping host

port-mapping subnet

Cloud & AI

InterConnect

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Resources

Partner Business Management

Company Information

News & Events

Contact Us