Contents

APR commands· 1

app-group· 1

application statistics enable· 1

copy app-group· 2

description (application group view) 3

display app-group· 4

display application· 5

display application statistics· 8

display application statistics top· 10

display port-mapping pre-defined· 12

display port-mapping user-defined· 12

include application· 14

port-mapping· 15

port-mapping acl 16

port-mapping host 17

port-mapping subnet 18

reset application statistics· 20

APR commands

app-group

Use app-group to create an application group and enter its view, or enter the view of an existing application group.

Use undo app-group to delete the specified application group.

Syntax

app-group group-name

undo app-group group-name

Default

No application groups exist.

Views

System view

Predefined user roles

network-admin

Parameters

group-name: Specifies the application group name, a case-insensitive string of 1 to 63 characters. The names invalid and other are not allowed.

Usage guidelines

You can create a maximum of 1000 application groups on the device.

Examples

# Create an application group named aaa and enter its view.

<Sysname> system-view

[Sysname] app-group aaa

[Sysname-app-group-aaa]

Related commands

copy app-group

description

include application

application statistics enable

Use application statistics enable to enable the application statistics feature on the specified direction of an interface.

Use undo application statistics enable to disable the application statistics feature on the specified direction of an interface.

Syntax

application statistics enable [ inbound | outbound ]

undo application statistics enable [ inbound | outbound ]

Default

The application statistics feature is disabled on both directions of an interface.

Views

Layer 3 interface view

Predefined user roles

network-admin

Parameters

inbound: Specifies the inbound direction of the interface.

outbound: Specifies the outbound direction of the interface.

Usage guidelines

	IMPORTANT: The application statistics feature consumes a large amount of system memory. When the system generates a low-memory alarm, disable the application statistics feature on interfaces.

 

If no direction is specified, application statistics is enabled in both the inbound and outbound directions.

When this feature is enabled, the device separately counts the number of packets or bytes that the interface has received or sent for each application protocol. It also calculates the transmission rates of the interface for these protocols.

To display application statistics, use the display application statistics command.

Examples

# Enable application statistics in the inbound direction of GigabitEthernet 1/0.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0

[Sysname-GigabitEthernet1/0] application statistics enable inbound

# Enable application statistics in the outbound direction of GigabitEthernet 2/0.

<Sysname> system-view

[Sysname] interface gigabitethernet 2/0

[Sysname-GigabitEthernet2/0] application statistics enable outbound

# Enable application statistics in the inbound and outbound directions of GigabitEthernet 3/0.

<Sysname> system-view

[Sysname] interface gigabitethernet 3/0

[Sysname-GigabitEthernet3/0] application statistics enable

# Enable application statistics in the inbound direction of Vlan-interface 2.

<Sysname> system-view

[Sysname] interface Vlan-interface 2

[Sysname-Vlan-interface2] application statistics enable inbound

Related commands

display application statistics

copy app-group

Use copy app-group to copy all application protocols in an application group to another group.

Syntax

copy app-group group-name

Views

Application group view

Predefined user roles

network-admin

Parameters

group-name: Specifies the name of the source application group, a case-insensitive string of 1 to 63 characters. The names invalid and other are not allowed.

Usage guidelines

Execute this command multiple times to copy application protocols in different groups to the current group.

Examples

# Copy application protocols in group bcd to group abc.

<Sysname> system-view

[Sysname] app-group abc

[Sysname-app-group-abc] copy app-group bcd

Related commands

app-group

include application

description (application group view)

Use description to configure the description of an application group.

Use undo description to restore the default.

Syntax

description text

undo description

Default

An application group is described as "User-defined application group".

Views

Application group view

Predefined user roles

network-admin

Parameters

text: Specifies a description, a case-sensitive string of 1 to 127 characters. If the string includes spaces, use a pair of quotation marks ("") to enclose all characters.

Usage guidelines

Configure descriptions for different application groups for identification and management purposes.

Examples

# Configure a description for application group aaa.

<Sysname> system-view

[Sysname] app-group aaa

[Sysname-app-group-aaa] description "User defined aaa group"

Related commands

app-group

display app-group

Use display app-group to display information about the specified application groups.

Syntax

display app-group [ name group-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name group-name: Specifies an application group by its name. The group-name argument is a case-insensitive string of 1 to 63 characters. The names invalid and other are not allowed. If you do not specify an application group, this command displays information about all application groups.

Examples

# Display information about all application groups.

<Sysname> display app-group

User-defined count:3

Group Name                         Type           Group ID

 6767                               User-defined   0x00800002

 er                                 User-defined   0x00800001

 hbc                                User-defined   0x00800003

# Display information about application group er.

<Sysname> display app-group name er

 Group English name: er

 Group Chinese name: er

 Group ID:           0x00800001

 Type:               User-defined

 

Application count:  2

 Include application list:

 Application name                   Type           App ID

 114Travel                          Pre-defined    0x0000542c

 banc                                User-defined   0x00800001

 

pre-defined app-group count:0

 Include pre-defined app-group list:

 App-group name                     Type           App-group ID

Table 1 Command output

Field	Description
User-defined count	Number of application groups.
Group Name	Name of the application group.
Group English name	English name of the application group.
Type	Application protocol attribute: ·     Pre-defined. ·     User-defined. This filed always displays User-defined for application groups.
Application count	Number of application protocols in the application group.
Include application list	Application protocol list.
Application name	Application protocol name.
App ID	Application protocol ID.
pre-defined app-group count	This field is not supported in the current software version. Number of predefined application groups in the application group.
Include pre-defined app-group list	This field is not supported in the current software version. List of predefined application groups.
App-group name	This field is not supported in the current software version. Name of a predefined application group.
App-group ID	This field is not supported in the current software version. ID of a predefined application group.

 

Related commands

app-group

include

display application

Use display application to display information about the specified application protocols.

Syntax

display application [ name application-name | pre-defined | user-defined ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name application-name: Specifies an application protocol by its name. The application-name argument is a case-insensitive string of 1 to 63 characters. The names invalid and other are not allowed.

pre-defined: Specifies the predefined application protocols.

user-defined: Specifies the user-defined application protocols.

Usage guidelines

If you do not specify any parameters, this command displays information about all application protocols.

Examples

# Display information about all predefined application protocols.

<Sysname> display application pre-defined

 Pre-defined count: 817

 

 Application name         Type         App ID      Tunnel  Encrypted  DetectLen

 12530WAP_Application_We  Pre-defined  0x000003ac  No      No         0

 b_HTTP

 12580_Application_HTTP   Pre-defined  0x00000312  No      No         0

 126_Web_Email_Download_  Pre-defined  0x000002b7  No      No         0

 HTTP

 126_Web_Email_Login_HTT  Pre-defined  0x000002b3  No      No         0

 P

 126_Web_Email_Read_Emai  Pre-defined  0x000002b4  No      No         0

 l_HTTP

 126_Web_Email_Receive_E  Pre-defined  0x000002b6  No      No         0

 mail_HTTP

 126_Web_Email_Send_Emai  Pre-defined  0x000002b5  No      No         0

 l_HTTP

 126_Web_Email_Upload_HT  Pre-defined  0x000002b8  No      No         0

 TP

 139_mobile_weibo_commen  Pre-defined  0x000001da  No      No         0

 t_HTTP

 139_mobile_weibo_login_  Pre-defined  0x000001d9  No      No         0

 HTTP

 139_mobile_weibo_login_  Pre-defined  0x00000444  No      No         0

---- More ----

# Display information about all user-defined application protocols.

<Sysname> display application user-defined

 User-defined count: 4

 

 Application name         Type         App ID      Tunnel  Encrypted  DetectLen

 def                      User-defined  0x00800002  No      No         0

 dfer                     User-defined  0x00800003  No      No         0

 efer                     User-defined  0x00800004  No      No         0

 fdfad                    User-defined  0x00800001  No      No         0

# Display information about all application protocols.

<Sysname> display application

 Total count:        821

 Pre-defined count:  817

 User-defined count: 4

 

 Application name         Type         App ID      Tunnel  Encrypted  DetectLen

 12530WAP_Application_We  Pre-defined  0x000003ac  No      No         0

 b_HTTP

 12580_Application_HTTP   Pre-defined  0x00000312  No      No         0

 126_Web_Email_Download_  Pre-defined  0x000002b7  No      No         0

 HTTP

 126_Web_Email_Login_HTT  Pre-defined  0x000002b3  No      No         0

 P

 126_Web_Email_Read_Emai  Pre-defined  0x000002b4  No      No         0

 l_HTTP

 126_Web_Email_Receive_E  Pre-defined  0x000002b6  No      No         0

 mail_HTTP

 126_Web_Email_Send_Emai  Pre-defined  0x000002b5  No      No         0

 l_HTTP

 126_Web_Email_Upload_HT  Pre-defined  0x000002b8  No      No         0

 TP

 139_mobile_weibo_commen  Pre-defined  0x000001da  No      No         0

 t_HTTP

 139_mobile_weibo_login_  Pre-defined  0x000001d9  No      No         0

 HTTP

 139_mobile_weibo_login_  Pre-defined  0x00000444  No      No         0

 HTTPS

 139Mail_Login_HTTP       Pre-defined  0x000001cb  No      No         0

 139Mail_Login_HTTPS      Pre-defined  0x0000038c  No      No         0

 139Mail_Login_TCP        Pre-defined  0x0000044b  No      No         0

 163TV_HTTP               Pre-defined  0x000004c3  No      No         0

 17173_Application_HTTP   Pre-defined  0x00000350  No      No         0

 178Game_Application_HTT  Pre-defined  0x00000222  No      No         0

 P

 17K_fiction_Application  Pre-defined  0x00000330  No      No         0

 _HTTP

 19lou_Login_http_stream  Pre-defined  0x000002c0  No      No         0

 

 19lou_Publish_Or_Reply_  Pre-defined  0x000002c2  No      No         0

 http_stream1

 19lou_Publish_Or_Reply_  Pre-defined  0x000002c3  No      No         0

 http_stream2

 19lou_View_http_stream   Pre-defined  0x000002c1  No      No         0

 1ting_Music_Application  Pre-defined  0x000001bc  No      No         0

 _Mobile_HTTP

 21CN_Email_Read_HTTP     Pre-defined  0x000003fb  No      No         0

 21CN_Email_Send_HTTP     Pre-defined  0x000003fc  No      No         0

---- More ----

# Display information about application protocol Telnet.

<Sysname> display application name telnet

 Application English Name: telnet

 Application Chinese Name: telnet

 Application ID:   0x0000000e

 Tunnel:           No

 Encrypted:        No

Table 2 Command output

Field	Description
Total count	Total number of application protocols.
Pre-defined count	Number of predefined application protocols.
User-defined count	Number of user-defined application protocols.
Application name	Name of the application protocol.
Type	Application protocol type: ·     Pre-defined. ·     User-defined.
App ID/Application ID	ID of the application protocol.
Tunnel	Whether or not the protocol is a tunnel protocol, such as L2TP: ·     Yes. ·     No.
Encrypted	Whether or not the protocol is a cryptographic protocol: ·     Yes. ·     No.
DetectLen	Length of data to be inspected for application recognition. The length can be predefined or user defined. The measurement unit is byte.

 

Related commands

app-group

include

display application statistics

Use display application statistics to display statistics for the specified application protocols.

Syntax

display application statistics [ direction { inbound | outbound } | interface interface-type interface-number | name application-name ] *

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

direction: Specifies the direction of the interface.

inbound: Specifies the inbound direction.

outbound: Specifies the outbound direction.

interface interface-type interface-number: Specifies an interface by its type and number.

name application-name: Specifies an application protocol by its name, a case-insensitive string of 1 to 63 characters. The names invalid and other are not allowed.

Usage guidelines

If you do not specify any options or keywords, this command displays statistics for application protocols on all interfaces in both inbound and outbound directions.

This command displays statistics for application protocols only after the application statistics feature is enabled on the specified interfaces. Disabling the application statistics feature on the specified interfaces deletes the corresponding application statistics.

You can display statistics for application protocols based on certain criteria, including application protocol names, interface directions, interface names, or a combination of the criteria.

Examples

# Display application statistics for GigabitEthernet 1/0.

<Sysname> display application statistics interface gigabitethernet 1/0

Interface : GigabitEthernet1/0

Application   In/Out  Packets            Bytes                PPS      BPS

Slot 1 :

http            IN      275                78631                0         275

                 OUT     357                255251               0        101

https           IN      403                39267                0        44

                 OUT     681                623501               0        32

netbios-dgm    IN      3                  729                   0        32

                 OUT     0                  0                     0        0

netbios-ns     IN      248                22816                2        1423

                 OUT     0                  0                     0        0

telnet          IN      801                43374                10      4509

                 OUT     1519               65388                20      6774

# Display application statistics for Vlan-interface 2.

<Sysname> display application statistics interface Vlan-interface 2

Interface : Vlan-interface2

Application   In/Out  Packets            Bytes                PPS      BPS

Slot 1 :

http            IN      275                78631                0         275

                 OUT     357                255251               0        101

https           IN      403                39267                0        44

                 OUT     681                623501               0        32

netbios-dgm    IN      3                  729                   0        32

                 OUT     0                  0                     0        0

netbios-ns     IN      248                22816                2        1423

                 OUT     0                  0                     0        0

telnet          IN      801                43374                10      4509

                 OUT     1519               65388                20      6774

Table 3 Command output

Field	Description
Interface	Interface name.
Application	Name of the application protocol.
In/Out	Interface direction: ·     In—Inbound. ·     Out—Outbound.
Packets	Number of packets received or sent by the interface.
Bytes	Number of bytes received or sent by the interface.
PPS	Packets received or sent per second.
BPS	Bytes received or sent per second.

 

Related commands

app-group

application statistics enable

display application statistics top

Use display application statistics top to display statistics for application protocols on an interface in descending order, based on the specified criteria.

Syntax

display application statistics top number { bps | bytes | packets | pps } interface interface-type interface-number

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

number: Specifies the number of application statistics entries to be displayed. The value range is 0 to 4294967295.

bytes: Sorts application protocols by traffic size in bytes.

bps: Sorts application protocols by traffic rate in bps.

packets: Sorts application protocols by traffic size in packet count.

pps: Sorts application protocols by traffic rate in pps.

interface interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

This command displays application statistics only after the application statistics feature is enabled on the specified interface. Disabling the application statistics feature on the interface deletes the existing statistics.

The system uses the sum of inbound and outbound statistics to rank the application protocols. If the sum statistics for multiple application protocols is the same, the system displays these protocols in alphabetical order.

Examples

# Display the top three application protocols that have received and sent the most packets on GigabitEthernet 1/0.

<Sysname> display application statistics top 3 packets interface gigabitethernet 1/0

Interface : GigabitEthernet1/0

Application   In/Out Packets            Bytes                PPS      BPS

Slot 1 :

telnet          IN     1389               75219                0        44

                 OUT    2626               112745               0        54

https           IN     468                42830                0        123

                 OUT    746                626101               0        91

netbios-ns     IN     965                88780                2        1411

                 OUT    0                  0                     0        0

# Display the top three application protocols that have received and sent the most packets on Vlan-interface 2.

<Sysname> display application statistics top 3 packets interface Vlan-interface 2

Interface : Vlan-interface2

Application   In/Out Packets            Bytes                PPS      BPS

Slot 1 :

telnet          IN     1389               75219                0        44

                 OUT    2626               112745               0        54

https           IN     468                42830                0        123

                 OUT    746                626101               0        91

netbios-ns     IN     965                88780                2        1411

                 OUT    0                  0                     0        0

Table 4 Command output

Field	Description
Interface	Interface name.
Application	Name of the application protocol.
In/Out	Interface direction: ·     In—Inbound. ·     Out—Outbound.
Packets	Number of packets received or sent by the interface.
Bytes	Number of bytes received or sent by the interface.
PPS	Packets received or sent per second.
BPS	Bytes received or sent per second.

 

Related commands

app-group

application statistics enable

display port-mapping pre-defined

Use display port-mapping pre-defined to display information about the predefined port-mappings.

Syntax

display port-mapping pre-defined

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display information about all predefined port mappings.

<Sysname> display port-mapping pre-defined

Application                     Protocol Port

afs3-kaserver                   TCP        7004

                                   UDP        7004

aol                               TCP        5190, 5191, 5192, 5193

                                   UDP        5190, 5191, 5192, 5193

appleqtc                         TCP        458

                                   UDP        458

bgp                               TCP        179

                                   UDP        179

Table 5 Command output

Field	Description
Application	Application protocol using the port mapping.
Protocol	Transport layer protocol.
Port	Port number of the application protocol.

 

Related commands

display port-mapping

port-mapping

display port-mapping user-defined

Use display port-mapping user-defined to display information about the user-defined port mappings.

Syntax

display port-mapping user-defined [ application application-name | port port-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

application application-name: Specifies an application protocol by its name, a case-insensitive string of 1 to 63 characters. The names invalid and other are not allowed.

port port-number: Specifies a port by its number, in the range of 0 to 65535.

Usage guidelines

If you do not specify an application protocol or a port number, this command displays all user-defined port mappings on the device.

Examples

# Display all user-defined port mappings on the device.

<Sysname> display port-mapping user-defined

 Application       Port  Protocol    Match Type  Match Condition

-------------------------------------------------------------

 FTP                21     TCP          ---           ---

 FTP                21     UDP          IPv4 host   10.10.10.1

 FTP                2121   UDP          IPv4 host   [11.10.10.1, 11.10.10.10]

 FTP                21     UDP          IPv4 subnet 10.10.10.1/24

 FTP                21     SCTP         IPv6 host   2000:fdb8::1:00ab:853c:39ab

 HTTP               899    TCP          IPv4 ACL    2002

 HTTP               999    SCTP         IPv6 ACL    2002

Table 6 Command output

Field	Description
Application	Application protocol using port mapping.
Port	Port number to which the application protocol is mapped.
Protocol	Transport layer protocol.
Match Type	Match types: ·     ---—No match types or match conditions are specified, and all packets that have the specified port are recognized as the packets of the specified application protocol. ·     IPv4 host—A match based on the destination IPv4 addresses of the packet. ·     IPv6 host—A match based on the destination IPv6 addresses of the packet. ·     IPv4 subnet—A match based on the destination IPv4 subnet of the packet. ·     IPv6 subnet—A match based on the destination IPv6 subnet of the packet. ·     IPv4 ACL—A match based on the IPv4 ACL. ·     IPv6 ACL—A match based on the IPv6 ACL.
Match Condition	Match conditions: ·     For the match type of IPv4 host or IPv6 host, the destination IP addresses of the packets are displayed. ·     For the match type of IPv4 subnet or IPv6 subnet, the destination subnet addresses of the packets are displayed. ·     For the match type of IPv4 ACL or IPv6 ACL, the correct ACL number is displayed.

 

include application

Use include application to add application protocols to an application group.

Use undo include application to remove application protocols from an application group.

Syntax

include application application-name

undo include application application-name

Default

No application protocols exist in an application group.

Views

Application group view

Predefined user roles

network-admin

Parameters

application-name: Specifies an application protocol by its name, a case-insensitive string of 1 to 63 characters. The names invalid and other are not allowed.

Usage guidelines

Execute this command multiple times to add multiple predefined or user-defined application protocols to an application group. The number of application protocols in an application group is not limited.

If you add a nonexistent application protocol to the application group, the system first creates the protocol before adding it to the application group. Whether the device can recognize the packets of this protocol depends on your configuration.

Examples

# Add HTTP and FTP to group abc.

<Sysname> system-view

[Sysname] app-group abc

[Sysname-app-group-abc] include application http

[Sysname-app-group-abc] include application ftp

Related commands

app-group

copy app-group

port-mapping

Use port-mapping to configure a general port mapping.

Use undo port-mapping to remove a general port mapping.

Syntax

port-mapping application application-name port port-number [ protocol protocol-name ]

undo port-mapping application application-name port port-number [ protocol protocol-name ]

Default

An application protocol is mapped to a well-known port.

Views

System view

Predefined user roles

network-admin

Parameters

application application-name: Specifies an application protocol by its name, a case-insensitive string of 1 to 63 characters. The names invalid and other are not allowed.

port port-number: Specifies a port by its number, in the range of 0 to 65535.

protocol protocol-name: Specifies a transport layer protocol by its name, including:

·     dccp: Specifies DCCP.

·     sctp: Specifies SCTP.

·     tcp: Specifies TCP.

·     udp: Specifies UDP.

·     udp-lite: Specifies UDP-Lite.

Usage guidelines

If no transport layer protocol is specified, packets that meet the following conditions are recognized as the specified application protocol's packets:

·     Packets are encapsulated by any transport layer protocol.

·     Packets have the specified port.

If the destination port of a packet matches a general port mapping, APR recognizes the packet as the specified application protocol's packet.

A mapping with the transport layer protocol specified has a higher priority than one without it.

If two port mappings are configured with the same port number and transport layer protocol, but with different application protocols, the most recent configuration takes effect.

To change the port number mapped to an application protocol, perform the following tasks:

1.     Use the undo port-mapping application command to remove the existing general port mapping.

2.     Use the port-mapping application command to specify a different port number for the application protocol.

Examples

# Create a general port mapping of port 3456 to FTP.

<Sysname> system-view

[Sysname] port-mapping application ftp port 3456

Related commands

display port-mapping user-defined

port-mapping acl

Use port-mapping acl to configure an ACL-based host-port mapping.

Use undo port-mapping acl to remove an ACL-based host-port mapping.

Syntax

port-mapping application application-name port port-number [ protocol protocol-name ] acl [ ipv6 ] acl-number

undo port-mapping application application-name port port-number [ protocol protocol-name ] acl [ ipv6 ] acl-number

Default

An application protocol is mapped to a well-known port.

Views

System view

Predefined user roles

network-admin

Parameters

application application-name: Specifies an application protocol by its name, a case-insensitive string of 1 to 63 characters. The names invalid and other are not allowed.

port port-number: Specifies a port by its number in the range of 0 to 65535.

protocol protocol-name: Specifies a transport layer protocol by its name, including:

·     dccp: Specifies DCCP.

·     sctp: Specifies SCTP.

·     tcp: Specifies TCP.

·     udp: Specifies UDP.

·     udp-lite: Specifies UDP-Lite.

acl [ ipv6 ] acl-number: Specifies the number of an ACL, in the range of 2000 to 2999. To specify an IPv6 ACL, include the ipv6 keyword. To specify an IPv4 ACL, do not include the ipv6 keyword. The ACL will not count traffic that matches this ACL-based host-port mapping even if match counting is enabled for the ACL.

Usage guidelines

APR uses ACL-based host-port mappings to recognize packets. A packet is recognized as an application protocol packet when it matches all the following conditions in a mapping:

·     The packet's destination IP address matches the specified source IP address defined in the ACL.

·     The packet's destination port matches the specified port in the mapping.

·     The transport layer protocol that encapsulates the packet matches the specified transport layer protocol if you specify a transport layer protocol in the mapping.

If two port mappings are configured with the same port number, transport layer protocol, and ACL, but with different application protocols, the most recent configuration takes effect.

A mapping with the transport layer protocol specified has a higher priority than one without it.

Examples

# Create a port mapping of port 3456 to FTP for the packets matching ACL 2000.

<Sysname> system-view

[Sysname] port-mapping application ftp port 3456 acl 2000

Related commands

display port-mapping user-defined

port-mapping host

Use port-mapping host to configure an IP address-based host-port mapping.

Use undo port-mapping host to remove an IP address-based host-port mapping.

Syntax

port-mapping application application-name port port-number [ protocol protocol-name ] host { ip | ipv6 } start-ip-address [ end-ip-address ]

undo port-mapping application application-name port port-number [ protocol protocol-name ] host { ip | ipv6 } start-ip-address [ end-ip-address ]

Default

An application protocol is mapped to a well-known port.

Views

System view

Predefined user roles

network-admin

Parameters

application application-name: Specifies an application protocol by its name, a case-insensitive string of 1 to 63 characters. The names invalid and other are not allowed.

port port-number: Specifies a port by its number, in the range of 0 to 65535.

protocol protocol-name: Specifies a transport layer protocol by its name, including:

·     dccp: Specifies DCCP.

·     sctp: Specifies SCTP.

·     tcp: Specifies TCP.

·     udp: Specifies UDP.

·     udp-lite: Specifies UDP-Lite.

ip: Specifies IPv4 addresses.

ipv6: Specifies IPv6 addresses.

start-ip-address [ end-ip-address ]: Specifies a range of IPv4 or IPv6 addresses. The start-ip-address argument represents the start IP address, and the end-ip-address argument represents the end IP address. To specify only one IP address, provide only the start IP address. To specify a range of IP addresses, provide both the start and end IP addresses, and make sure the end IP address is higher than the start IP address.

Usage guidelines

APR uses IP address-based host-port mappings to recognize packets. A packet is recognized as an application protocol packet when it matches all the following conditions in a mapping:

·     The packet is destined for the specified IP address or IP subnet in the mapping.

·     The packet's destination port matches the specified port in the mapping.

·     The transport layer protocol that encapsulates the packet matches the specified transport layer protocol if you specify a transport layer protocol in the mapping.

No overlapping of IP addresses is tolerable for the host-port mappings configured with the same application protocol, port number, and transport layer protocol.

If two port mappings are configured with the same port number, transport layer protocol, and IP address or IP address ranges, but with different application protocols, the most recent configuration takes effect.

A mapping with the transport layer protocol specified has a higher priority than one without it.

Examples

# Create a mapping of port 3456 to FTP for the IPv4 packets sent to the host at 1.1.1.1 to 1.1.1.10.

<Sysname> system-view

[Sysname] port-mapping application ftp port 3456 host ip 1.1.1.1 1.1.1.10

# Create a mapping of port 3456 to FTP for the IPv6 packets sent to 1::1.

<Sysname> system-view

[Sysname] port-mapping application ftp port 3456 host ipv6 1::1

Related commands

display port-mapping user-defined

port-mapping subnet

Use port-mapping subnet to configure a subnet-based host-port mapping.

Use undo port-mapping subnet to remove a subnet-based host-port mapping.

Syntax

port-mapping application application-name port port-number [ protocol protocol-name ] subnet { ip ipv4-address { mask-length | mask } | ipv6 ipv6-address prefix-length }

undo port-mapping application application-name port port-number [ protocol protocol-name ] subnet { ip ipv4-address { mask-length | mask } | ipv6 ipv6-address prefix-length }

Default

An application protocol is mapped to a well-known port.

Views

System view

Predefined user roles

network-admin

Parameters

application application-name: Specifies an application protocol by its name, a case-insensitive string of 1 to 63 characters. The names invalid and other are not allowed.

port port-number: Specifies a port by its number, in the range of 0 to 65535.

protocol protocol-name: Specifies a transport layer protocol by its name, including:

·     dccp: Specifies DCCP.

·     sctp: Specifies SCTP.

·     tcp: Specifies TCP.

·     udp: Specifies UDP.

·     udp-lite: Specifies UDP-Lite.

ip ipv4-address { mask-length | mask }: Specifies an IPv4 subnet.

·     The ipv4-address argument specifies the IPv4 network address.

·     The mask-length argument specifies the mask length of the IPv4 subnet, in the range of 1 to 32.

·     The mask argument specifies the subnet mask in dotted decimal notation.

ipv6 ipv6-address prefix-length: Specifies an IPv6 subnet. The ipv6-address argument specifies the IPv6 network address, and the prefix-length argument specifies the length of the IPv6 prefix, in the range of 1 to 128.

Usage guidelines

APR uses subnet-based host-port mappings to recognize packets. A packet is recognized as an application protocol packet when it matches all the following conditions in a mapping:

·     The packet is destined for the specified IP subnet in the mapping.

·     The packet's destination port matches the specified port in the mapping.

·     The transport layer protocol that encapsulates the packet matches the specified transport layer protocol if you specify a transport layer protocol in the mapping.

If multiple subnet-based mappings are applied to packets and these subnets overlap, APR matches the packets destined for the overlapped segment with the port mapping of the subnet that has the smallest range.

If two port mappings are configured with the same port number, transport layer protocol, and subnet, but with different application protocols, the most recent configuration takes effect.

A mapping with the transport layer protocol specified has a higher priority than one without it.

Examples

# Create a mapping of port 3456 to FTP for the packets sent to the IPv4 hosts on subnet 1.1.1.0/24.

<Sysname> system-view

[Sysname] port-mapping application ftp port 3456 subnet ip 1.1.1.0 24

# Create a mapping of port 3456 to FTP for the packets sent to the IPv6 hosts on subnet 1:: /120.

<Sysname> system-view

[Sysname] port-mapping application ftp port 3456 subnet ipv6 1:: 120

Related commands

display port-mapping user-defined

reset application statistics

Use reset application statistics to clear application statistics for interfaces.

Syntax

reset application statistics [ interface interface-type interface-number ]

Views

User view

Predefined user roles

network-admin

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command clears application statistics for all interfaces.

Examples

# Clear application statistics for GigabitEthernet 1/0.

<Sysname> reset application statistics interface gigabitethernet 1/0

# Clear application statistics for all interfaces.

<Sysname> reset application statistics

Related commands

application statistics enable

display application statistics