APR commands
app-group
Use app-group to create an application group and enter its view, or enter the view of an existing application group.
Use undo app-group to delete the specified application group.
Syntax
app-group group-name
undo app-group group-name
Default
No application groups exist.
Views
System view
Predefined user roles
network-admin
Parameters
group-name: Specifies the application group name, a case-insensitive string of 1 to 63 characters. The names invalid and other are not allowed.
Usage guidelines
You can create a maximum of 1000 application groups on the device.
Examples
# Create an application group named aaa and enter its view.
<Sysname> system-view
[Sysname] app-group aaa
[Sysname-app-group-aaa]
Related commands
copy app-group
description
include application
application statistics enable
Use application statistics enable to enable the application statistics feature on the specified direction of an interface.
Use undo application statistics enable to disable the application statistics feature on the specified direction of an interface.
Syntax
application statistics enable [ inbound | outbound ]
undo application statistics enable [ inbound | outbound ]
Default
The application statistics feature is disabled on both directions of an interface.
Views
Layer 3 interface view
Predefined user roles
network-admin
Parameters
inbound: Specifies the inbound direction of the interface.
outbound: Specifies the outbound direction of the interface.
Usage guidelines
IMPORTANT: The application statistics feature consumes a large amount of system memory. When the system generates a low-memory alarm, disable the application statistics feature on interfaces.
If no direction is specified, application statistics is enabled in both the inbound and outbound directions.
When this feature is enabled, the device separately counts the number of packets or bytes that the interface has received or sent for each application protocol. It also calculates the transmission rates of the interface for these protocols.
To display application statistics, use the display application statistics command.
Examples
# Enable application statistics in the inbound direction of GigabitEthernet 1/0.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0
[Sysname-GigabitEthernet1/0] application statistics enable inbound
# Enable application statistics in the outbound direction of GigabitEthernet 2/0.
<Sysname> system-view
[Sysname] interface gigabitethernet 2/0
[Sysname-GigabitEthernet2/0] application statistics enable outbound
# Enable application statistics in the inbound and outbound directions of GigabitEthernet 3/0.
<Sysname> system-view
[Sysname] interface gigabitethernet 3/0
[Sysname-GigabitEthernet3/0] application statistics enable
# Enable application statistics in the inbound direction of Vlan-interface 2.
<Sysname> system-view
[Sysname] interface Vlan-interface 2
[Sysname-Vlan-interface2] application statistics enable inbound
Related commands
display application statistics
copy app-group
Use copy app-group to copy all application protocols in an application group to another group.
Syntax
copy app-group group-name
Views
Application group view
Predefined user roles
network-admin
Parameters
group-name: Specifies the name of the source application group, a case-insensitive string of 1 to 63 characters. The names invalid and other are not allowed.
Usage guidelines
Execute this command multiple times to copy application protocols in different groups to the current group.
Examples
# Copy application protocols in group bcd to group abc.
<Sysname> system-view
[Sysname] app-group abc
[Sysname-app-group-abc] copy app-group bcd
Related commands
app-group
include application
description (application group view)
Use description to configure the description of an application group.
Use undo description to restore the default.
Syntax
description text
undo description
Default
An application group is described as "User-defined application group".
Views
Application group view
Predefined user roles
network-admin
Parameters
text: Specifies a description, a case-sensitive string of 1 to 127 characters. If the string includes spaces, use a pair of quotation marks ("") to enclose all characters.
Usage guidelines
Configure descriptions for different application groups for identification and management purposes.
Examples
# Configure a description for application group aaa.
<Sysname> system-view
[Sysname] app-group aaa
[Sysname-app-group-aaa] description "User defined aaa group"
Related commands
app-group
display app-group
Use display app-group to display information about the specified application groups.
Syntax
display app-group [ name group-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
name group-name: Specifies an application group by its name. The group-name argument is a case-insensitive string of 1 to 63 characters. The names invalid and other are not allowed. If you do not specify an application group, this command displays information about all application groups.
Examples
# Display information about all application groups.
<Sysname> display app-group
User-defined count:3
Group Name Type Group ID
6767 User-defined 0x00800002
er User-defined 0x00800001
hbc User-defined 0x00800003
# Display information about application group er.
<Sysname> display app-group name er
Group English name: er
Group Chinese name: er
Group ID: 0x00800001
Type: User-defined
Application count: 2
Include application list:
Application name Type App ID
114Travel Pre-defined 0x0000542c
banc User-defined 0x00800001
pre-defined app-group count:0
Include pre-defined app-group list:
App-group name Type App-group ID
Table 1 Command output
Field | Description |
---|---|
User-defined count | Number of application groups. |
Group Name | Name of the application group. |
Group English name | English name of the application group. |
Type | Application protocol attribute: · Pre-defined. · User-defined. This field always displays User-defined for application groups. |
Application count | Number of application protocols in the application group. |
Include application list | Application protocol list. |
Application name | Application protocol name. |
App ID | Application protocol ID. |
pre-defined app-group count | This field is not supported in the current software version. Number of predefined application groups in the application group. |
Include pre-defined app-group list | This field is not supported in the current software version. List of predefined application groups. |
App-group name | This field is not supported in the current software version. Name of a predefined application group. |
App-group ID | This field is not supported in the current software version. ID of a predefined application group. |
Related commands
app-group
include
display application
Use display application to display information about the specified application protocols.
Syntax
display application [ name application-name | pre-defined | user-defined ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
name application-name: Specifies an application protocol by its name. The application-name argument is a case-insensitive string of 1 to 63 characters. The names invalid and other are not allowed.
pre-defined: Specifies the predefined application protocols.
user-defined: Specifies the user-defined application protocols.
Usage guidelines
If you do not specify any parameters, this command displays information about all application protocols.
Examples
# Display information about all predefined application protocols.
<Sysname> display application pre-defined
Pre-defined count: 817
Application name Type App ID Tunnel Encrypted DetectLen
12530WAP_Application_We Pre-defined 0x000003ac No No 0
b_HTTP
12580_Application_HTTP Pre-defined 0x00000312 No No 0
126_Web_Email_Download_ Pre-defined 0x000002b7 No No 0
HTTP
126_Web_Email_Login_HTT Pre-defined 0x000002b3 No No 0
P
126_Web_Email_Read_Emai Pre-defined 0x000002b4 No No 0
l_HTTP
126_Web_Email_Receive_E Pre-defined 0x000002b6 No No 0
mail_HTTP
126_Web_Email_Send_Emai Pre-defined 0x000002b5 No No 0
l_HTTP
126_Web_Email_Upload_HT Pre-defined 0x000002b8 No No 0
TP
139_mobile_weibo_commen Pre-defined 0x000001da No No 0
t_HTTP
139_mobile_weibo_login_ Pre-defined 0x000001d9 No No 0
HTTP
139_mobile_weibo_login_ Pre-defined 0x00000444 No No 0
---- More ----
# Display information about all user-defined application protocols.
<Sysname> display application user-defined
User-defined count: 4
Application name Type App ID Tunnel Encrypted DetectLen
def User-defined 0x00800002 No No 0
dfer User-defined 0x00800003 No No 0
efer User-defined 0x00800004 No No 0
fdfad User-defined 0x00800001 No No 0
# Display information about all application protocols.
<Sysname> display application
Total count: 821
Pre-defined count: 817
User-defined count: 4
Application name Type App ID Tunnel Encrypted DetectLen
12530WAP_Application_We Pre-defined 0x000003ac No No 0
b_HTTP
12580_Application_HTTP Pre-defined 0x00000312 No No 0
126_Web_Email_Download_ Pre-defined 0x000002b7 No No 0
HTTP
126_Web_Email_Login_HTT Pre-defined 0x000002b3 No No 0
P
126_Web_Email_Read_Emai Pre-defined 0x000002b4 No No 0
l_HTTP
126_Web_Email_Receive_E Pre-defined 0x000002b6 No No 0
mail_HTTP
126_Web_Email_Send_Emai Pre-defined 0x000002b5 No No 0
l_HTTP
126_Web_Email_Upload_HT Pre-defined 0x000002b8 No No 0
TP
139_mobile_weibo_commen Pre-defined 0x000001da No No 0
t_HTTP
139_mobile_weibo_login_ Pre-defined 0x000001d9 No No 0
HTTP
139_mobile_weibo_login_ Pre-defined 0x00000444 No No 0
HTTPS
139Mail_Login_HTTP Pre-defined 0x000001cb No No 0
139Mail_Login_HTTPS Pre-defined 0x0000038c No No 0
139Mail_Login_TCP Pre-defined 0x0000044b No No 0
163TV_HTTP Pre-defined 0x000004c3 No No 0
17173_Application_HTTP Pre-defined 0x00000350 No No 0
178Game_Application_HTT Pre-defined 0x00000222 No No 0
P
17K_fiction_Application Pre-defined 0x00000330 No No 0
_HTTP
19lou_Login_http_stream Pre-defined 0x000002c0 No No 0
19lou_Publish_Or_Reply_ Pre-defined 0x000002c2 No No 0
http_stream1
19lou_Publish_Or_Reply_ Pre-defined 0x000002c3 No No 0
http_stream2
19lou_View_http_stream Pre-defined 0x000002c1 No No 0
1ting_Music_Application Pre-defined 0x000001bc No No 0
_Mobile_HTTP
21CN_Email_Read_HTTP Pre-defined 0x000003fb No No 0
21CN_Email_Send_HTTP Pre-defined 0x000003fc No No 0
---- More ----
# Display information about application protocol Telnet.
<Sysname> display application name telnet
Application English Name: telnet
Application Chinese Name: telnet
Application ID: 0x0000000e
Tunnel: No
Encrypted: No
Table 2 Command output
Field | Description |
---|---|
Total count | Total number of application protocols. |
Pre-defined count | Number of predefined application protocols. |
User-defined count | Number of user-defined application protocols. |
Application name | Name of the application protocol. |
Type | Application protocol type: · Pre-defined. · User-defined. |
App ID/Application ID | ID of the application protocol. |
Tunnel | Whether or not the protocol is a tunnel protocol, such as L2TP: · Yes. · No. |
Encrypted | Whether or not the protocol is a cryptographic protocol: · Yes. · No. |
DetectLen | Length of data to be inspected for application recognition. The length can be predefined or user defined. The measurement unit is byte. |
Related commands
app-group
include
display application statistics
Use display application statistics to display statistics for the specified application protocols.
Syntax
display application statistics [ direction { inbound | outbound } | interface interface-type interface-number | name application-name ] *
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
direction: Specifies the direction of the interface.
inbound: Specifies the inbound direction.
outbound: Specifies the outbound direction.
interface interface-type interface-number: Specifies an interface by its type and number.
name application-name: Specifies an application protocol by its name, a case-insensitive string of 1 to 63 characters. The names invalid and other are not allowed.
Usage guidelines
If you do not specify any options or keywords, this command displays statistics for application protocols on all interfaces in both inbound and outbound directions.
This command displays statistics for application protocols only after the application statistics feature is enabled on the specified interfaces. Disabling the application statistics feature on the specified interfaces deletes the corresponding application statistics.
You can display statistics for application protocols based on certain criteria, including application protocol names, interface directions, interface names, or a combination of the criteria.
Examples
# Display application statistics for GigabitEthernet 1/0.
<Sysname> display application statistics interface gigabitethernet 1/0
Interface : GigabitEthernet1/0
Application In/Out Packets Bytes PPS BPS
Slot 1 :
http IN 275 78631 0 275
OUT 357 255251 0 101
https IN 403 39267 0 44
OUT 681 623501 0 32
netbios-dgm IN 3 729 0 32
OUT 0 0 0 0
netbios-ns IN 248 22816 2 1423
OUT 0 0 0 0
telnet IN 801 43374 10 4509
OUT 1519 65388 20 6774
# Display application statistics for Vlan-interface 2.
<Sysname> display application statistics interface Vlan-interface 2
Interface : Vlan-interface2
Application In/Out Packets Bytes PPS BPS
Slot 1 :
http IN 275 78631 0 275
OUT 357 255251 0 101
https IN 403 39267 0 44
OUT 681 623501 0 32
netbios-dgm IN 3 729 0 32
OUT 0 0 0 0
netbios-ns IN 248 22816 2 1423
OUT 0 0 0 0
telnet IN 801 43374 10 4509
OUT 1519 65388 20 6774
Table 3 Command output
Field | Description |
---|---|
Interface | Interface name. |
Application | Name of the application protocol. |
In/Out | Interface direction: · In—Inbound. · Out—Outbound. |
Packets | Number of packets received or sent by the interface. |
Bytes | Number of bytes received or sent by the interface. |
PPS | Packets received or sent per second. |
BPS | Bytes received or sent per second. |
Related commands
app-group
application statistics enable
display application statistics top
Use display application statistics top to display statistics for application protocols on an interface in descending order, based on the specified criteria.
Syntax
display application statistics top number { bps | bytes | packets | pps } interface interface-type interface-number
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
number: Specifies the number of application statistics entries to be displayed. The value range is 0 to 4294967295.
bytes: Sorts application protocols by traffic size in bytes.
bps: Sorts application protocols by traffic rate in bps.
packets: Sorts application protocols by traffic size in packet count.
pps: Sorts application protocols by traffic rate in pps.
interface interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
This command displays application statistics only after the application statistics feature is enabled on the specified interface. Disabling the application statistics feature on the interface deletes the existing statistics.
The system ranks the application protocols by the sum of their inbound and outbound statistics. If the sums for multiple application protocols are the same, the system displays these protocols in alphabetical order.
Examples
# Display the top three application protocols that have received and sent the most packets on GigabitEthernet 1/0.
<Sysname> display application statistics top 3 packets interface gigabitethernet 1/0
Interface : GigabitEthernet1/0
Application In/Out Packets Bytes PPS BPS
Slot 1 :
telnet IN 1389 75219 0 44
OUT 2626 112745 0 54
https IN 468 42830 0 123
OUT 746 626101 0 91
netbios-ns IN 965 88780 2 1411
OUT 0 0 0 0
# Display the top three application protocols that have received and sent the most packets on Vlan-interface 2.
<Sysname> display application statistics top 3 packets interface Vlan-interface 2
Interface : Vlan-interface2
Application In/Out Packets Bytes PPS BPS
Slot 1 :
telnet IN 1389 75219 0 44
OUT 2626 112745 0 54
https IN 468 42830 0 123
OUT 746 626101 0 91
netbios-ns IN 965 88780 2 1411
OUT 0 0 0 0
Table 4 Command output
Field | Description |
---|---|
Interface | Interface name. |
Application | Name of the application protocol. |
In/Out | Interface direction: · In—Inbound. · Out—Outbound. |
Packets | Number of packets received or sent by the interface. |
Bytes | Number of bytes received or sent by the interface. |
PPS | Packets received or sent per second. |
BPS | Bytes received or sent per second. |
Related commands
app-group
application statistics enable
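Added example, not part of the vendor documentation: a parser for captured display application statistics output that reproduces the ranking rule from the usage guidelines above (inbound plus outbound total, ties in alphabetical order) so collected output can be baselined offline. The function names and the watch list are hypothetical.

```python
import re

FIELDS = ("packets", "bytes", "pps", "bps")
# A counter row: optional application name, direction, then four counters.
ROW = re.compile(r"^\s*(?:(\S+)\s+)?(IN|OUT)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

# Output copied from the GigabitEthernet 1/0 example in the
# "display application statistics" section of this page.
SAMPLE = """\
Interface : GigabitEthernet1/0
Application In/Out Packets Bytes PPS BPS
Slot 1 :
http IN 275 78631 0 275
OUT 357 255251 0 101
https IN 403 39267 0 44
OUT 681 623501 0 32
netbios-dgm IN 3 729 0 32
OUT 0 0 0 0
netbios-ns IN 248 22816 2 1423
OUT 0 0 0 0
telnet IN 801 43374 10 4509
OUT 1519 65388 20 6774
"""


def parse_statistics(text):
    """Return {interface: {application: {"IN": counters, "OUT": counters}}}."""
    stats = {}
    interface = app = None
    for line in text.splitlines():
        head = re.match(r"\s*Interface\s*:\s*(\S+)", line)
        if head:
            interface, app = head.group(1), None
            stats.setdefault(interface, {})
            continue
        row = ROW.match(line)
        if row is None or interface is None:
            continue  # column header, "Slot n :" line or blank line
        app = row.group(1) or app  # OUT rows carry no name: reuse the last one
        if app is None:
            raise ValueError(f"counter row without an application name: {line!r}")
        counters = stats[interface].setdefault(app, {}).setdefault(
            row.group(2), dict.fromkeys(FIELDS, 0))
        # Assumption: rows repeated under another "Slot" heading are added up.
        for field, value in zip(FIELDS, row.groups()[2:]):
            counters[field] += int(value)
    return stats


def top_applications(stats, interface, number, key):
    """Rank by inbound + outbound total, descending; ties in alphabetical order."""
    if key not in FIELDS:
        raise ValueError(f"key must be one of {FIELDS}")
    totals = [(app, sum(c[key] for c in directions.values()))
              for app, directions in stats[interface].items()]
    totals.sort(key=lambda item: (-item[1], item[0]))
    return totals[:number]


def with_traffic(stats, interface, watchlist):
    """Return watch-listed applications that show a non-zero packet count."""
    wanted = {name.lower() for name in watchlist}  # names are case-insensitive
    return sorted(app for app, directions in stats[interface].items()
                  if app.lower() in wanted
                  and sum(c["packets"] for c in directions.values()) > 0)


if __name__ == "__main__":
    parsed = parse_statistics(SAMPLE)
    print(top_applications(parsed, "GigabitEthernet1/0", 3, "packets"))
    print(with_traffic(parsed, "GigabitEthernet1/0", {"telnet", "ftp"}))
```
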
display port-mapping pre-defined
Use display port-mapping pre-defined to display information about the predefined port-mappings.
Syntax
display port-mapping pre-defined
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display information about all predefined port mappings.
<Sysname> display port-mapping pre-defined
Application Protocol Port
afs3-kaserver TCP 7004
UDP 7004
aol TCP 5190, 5191, 5192, 5193
UDP 5190, 5191, 5192, 5193
appleqtc TCP 458
UDP 458
bgp TCP 179
UDP 179
Table 5 Command output
Field | Description |
---|---|
Application | Application protocol using the port mapping. |
Protocol | Transport layer protocol. |
Port | Port number of the application protocol. |
Related commands
display port-mapping
port-mapping
display port-mapping user-defined
Use display port-mapping user-defined to display information about the user-defined port mappings.
Syntax
display port-mapping user-defined [ application application-name | port port-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
application application-name: Specifies an application protocol by its name, a case-insensitive string of 1 to 63 characters. The names invalid and other are not allowed.
port port-number: Specifies a port by its number, in the range of 0 to 65535.
Usage guidelines
If you do not specify an application protocol or a port number, this command displays all user-defined port mappings on the device.
Examples
# Display all user-defined port mappings on the device.
<Sysname> display port-mapping user-defined
Application Port Protocol Match Type Match Condition
-------------------------------------------------------------
FTP 21 TCP --- ---
FTP 21 UDP IPv4 host 10.10.10.1
FTP 2121 UDP IPv4 host [11.10.10.1, 11.10.10.10]
FTP 21 UDP IPv4 subnet 10.10.10.1/24
FTP 21 SCTP IPv6 host 2000:fdb8::1:00ab:853c:39ab
HTTP 899 TCP IPv4 ACL 2002
HTTP 999 SCTP IPv6 ACL 2002
Table 6 Command output
Field | Description |
---|---|
Application | Application protocol using port mapping. |
Port | Port number to which the application protocol is mapped. |
Protocol | Transport layer protocol. |
Match Type | Match types: · ---—No match types or match conditions are specified, and all packets that have the specified port are recognized as the packets of the specified application protocol. · IPv4 host—A match based on the destination IPv4 addresses of the packet. · IPv6 host—A match based on the destination IPv6 addresses of the packet. · IPv4 subnet—A match based on the destination IPv4 subnet of the packet. · IPv6 subnet—A match based on the destination IPv6 subnet of the packet. · IPv4 ACL—A match based on the IPv4 ACL. · IPv6 ACL—A match based on the IPv6 ACL. |
Match Condition | Match conditions: · For the match type of IPv4 host or IPv6 host, the destination IP addresses of the packets are displayed. · For the match type of IPv4 subnet or IPv6 subnet, the destination subnet addresses of the packets are displayed. · For the match type of IPv4 ACL or IPv6 ACL, the correct ACL number is displayed. |
include application
Use include application to add application protocols to an application group.
Use undo include application to remove application protocols from an application group.
Syntax
include application application-name
undo include application application-name
Default
No application protocols exist in an application group.
Views
Application group view
Predefined user roles
network-admin
Parameters
application-name: Specifies an application protocol by its name, a case-insensitive string of 1 to 63 characters. The names invalid and other are not allowed.
Usage guidelines
Execute this command multiple times to add multiple predefined or user-defined application protocols to an application group. The number of application protocols in an application group is not limited.
If you add a nonexistent application protocol to the application group, the system first creates the protocol before adding it to the application group. Whether the device can recognize the packets of this protocol depends on your configuration.
Examples
# Add HTTP and FTP to group abc.
<Sysname> system-view
[Sysname] app-group abc
[Sysname-app-group-abc] include application http
[Sysname-app-group-abc] include application ftp
Related commands
app-group
copy app-group
port-mapping
Use port-mapping to configure a general port mapping.
Use undo port-mapping to remove a general port mapping.
Syntax
port-mapping application application-name port port-number [ protocol protocol-name ]
undo port-mapping application application-name port port-number [ protocol protocol-name ]
Default
An application protocol is mapped to a well-known port.
Views
System view
Predefined user roles
network-admin
Parameters
application application-name: Specifies an application protocol by its name, a case-insensitive string of 1 to 63 characters. The names invalid and other are not allowed.
port port-number: Specifies a port by its number, in the range of 0 to 65535.
protocol protocol-name: Specifies a transport layer protocol by its name, including:
· dccp: Specifies DCCP.
· sctp: Specifies SCTP.
· tcp: Specifies TCP.
· udp: Specifies UDP.
· udp-lite: Specifies UDP-Lite.
Usage guidelines
If no transport layer protocol is specified, packets that meet the following conditions are recognized as the specified application protocol's packets:
· Packets are encapsulated by any transport layer protocol.
· Packets have the specified port.
If the destination port of a packet matches a general port mapping, APR recognizes the packet as the specified application protocol's packet.
A mapping with the transport layer protocol specified has a higher priority than one without it.
If two port mappings are configured with the same port number and transport layer protocol, but with different application protocols, the most recent configuration takes effect.
To change the port number mapped to an application protocol, perform the following tasks:
1. Use the undo port-mapping application command to remove the existing general port mapping.
2. Use the port-mapping application command to specify a different port number for the application protocol.
Examples
# Create a general port mapping of port 3456 to FTP.
<Sysname> system-view
[Sysname] port-mapping application ftp port 3456
Related commands
display port-mapping user-defined
port-mapping acl
Use port-mapping acl to configure an ACL-based host-port mapping.
Use undo port-mapping acl to remove an ACL-based host-port mapping.
Syntax
port-mapping application application-name port port-number [ protocol protocol-name ] acl [ ipv6 ] acl-number
undo port-mapping application application-name port port-number [ protocol protocol-name ] acl [ ipv6 ] acl-number
Default
An application protocol is mapped to a well-known port.
Views
System view
Predefined user roles
network-admin
Parameters
application application-name: Specifies an application protocol by its name, a case-insensitive string of 1 to 63 characters. The names invalid and other are not allowed.
port port-number: Specifies a port by its number in the range of 0 to 65535.
protocol protocol-name: Specifies a transport layer protocol by its name, including:
· dccp: Specifies DCCP.
· sctp: Specifies SCTP.
· tcp: Specifies TCP.
· udp: Specifies UDP.
· udp-lite: Specifies UDP-Lite.
acl [ ipv6 ] acl-number: Specifies the number of an ACL, in the range of 2000 to 2999. To specify an IPv6 ACL, include the ipv6 keyword. To specify an IPv4 ACL, do not include the ipv6 keyword. The ACL will not count traffic that matches this ACL-based host-port mapping even if match counting is enabled for the ACL.
Usage guidelines
APR uses ACL-based host-port mappings to recognize packets. A packet is recognized as an application protocol packet when it matches all the following conditions in a mapping:
· The packet's destination IP address matches the specified source IP address defined in the ACL.
· The packet's destination port matches the specified port in the mapping.
· The transport layer protocol that encapsulates the packet matches the specified transport layer protocol if you specify a transport layer protocol in the mapping.
If two port mappings are configured with the same port number, transport layer protocol, and ACL, but with different application protocols, the most recent configuration takes effect.
A mapping with the transport layer protocol specified has a higher priority than one without it.
Examples
# Create a port mapping of port 3456 to FTP for the packets matching ACL 2000.
<Sysname> system-view
[Sysname] port-mapping application ftp port 3456 acl 2000
Related commands
display port-mapping user-defined
port-mapping host
Use port-mapping host to configure an IP address-based host-port mapping.
Use undo port-mapping host to remove an IP address-based host-port mapping.
Syntax
port-mapping application application-name port port-number [ protocol protocol-name ] host { ip | ipv6 } start-ip-address [ end-ip-address ]
undo port-mapping application application-name port port-number [ protocol protocol-name ] host { ip | ipv6 } start-ip-address [ end-ip-address ]
Default
An application protocol is mapped to a well-known port.
Views
System view
Predefined user roles
network-admin
Parameters
application application-name: Specifies an application protocol by its name, a case-insensitive string of 1 to 63 characters. The names invalid and other are not allowed.
port port-number: Specifies a port by its number, in the range of 0 to 65535.
protocol protocol-name: Specifies a transport layer protocol by its name, including:
· dccp: Specifies DCCP.
· sctp: Specifies SCTP.
· tcp: Specifies TCP.
· udp: Specifies UDP.
· udp-lite: Specifies UDP-Lite.
ip: Specifies IPv4 addresses.
ipv6: Specifies IPv6 addresses.
start-ip-address [ end-ip-address ]: Specifies a range of IPv4 or IPv6 addresses. The start-ip-address argument represents the start IP address, and the end-ip-address argument represents the end IP address. To specify only one IP address, provide only the start IP address. To specify a range of IP addresses, provide both the start and end IP addresses, and make sure the end IP address is higher than the start IP address.
Usage guidelines
APR uses IP address-based host-port mappings to recognize packets. A packet is recognized as an application protocol packet when it matches all the following conditions in a mapping:
· The packet is destined for the specified IP address or IP subnet in the mapping.
· The packet's destination port matches the specified port in the mapping.
· The transport layer protocol that encapsulates the packet matches the specified transport layer protocol if you specify a transport layer protocol in the mapping.
Host-port mappings configured with the same application protocol, port number, and transport layer protocol cannot have overlapping IP addresses.
If two port mappings are configured with the same port number, transport layer protocol, and IP address or IP address ranges, but with different application protocols, the most recent configuration takes effect.
A mapping with the transport layer protocol specified has a higher priority than one without it.
Examples
# Create a mapping of port 3456 to FTP for the IPv4 packets sent to the hosts at 1.1.1.1 to 1.1.1.10.
<Sysname> system-view
[Sysname] port-mapping application ftp port 3456 host ip 1.1.1.1 1.1.1.10
# Create a mapping of port 3456 to FTP for the IPv6 packets sent to 1::1.
<Sysname> system-view
[Sysname] port-mapping application ftp port 3456 host ipv6 1::1
Related commands
display port-mapping user-defined
port-mapping subnet
Use port-mapping subnet to configure a subnet-based host-port mapping.
Use undo port-mapping subnet to remove a subnet-based host-port mapping.
Syntax
port-mapping application application-name port port-number [ protocol protocol-name ] subnet { ip ipv4-address { mask-length | mask } | ipv6 ipv6-address prefix-length }
undo port-mapping application application-name port port-number [ protocol protocol-name ] subnet { ip ipv4-address { mask-length | mask } | ipv6 ipv6-address prefix-length }
Default
An application protocol is mapped to a well-known port.
Views
System view
Predefined user roles
network-admin
Parameters
application application-name: Specifies an application protocol by its name, a case-insensitive string of 1 to 63 characters. The names invalid and other are not allowed.
port port-number: Specifies a port by its number, in the range of 0 to 65535.
protocol protocol-name: Specifies a transport layer protocol by its name, including:
· dccp: Specifies DCCP.
· sctp: Specifies SCTP.
· tcp: Specifies TCP.
· udp: Specifies UDP.
· udp-lite: Specifies UDP-Lite.
ip ipv4-address { mask-length | mask }: Specifies an IPv4 subnet.
· The ipv4-address argument specifies the IPv4 network address.
· The mask-length argument specifies the mask length of the IPv4 subnet, in the range of 1 to 32.
· The mask argument specifies the subnet mask in dotted decimal notation.
ipv6 ipv6-address prefix-length: Specifies an IPv6 subnet. The ipv6-address argument specifies the IPv6 network address, and the prefix-length argument specifies the length of the IPv6 prefix, in the range of 1 to 128.
Usage guidelines
APR uses subnet-based host-port mappings to recognize packets. A packet is recognized as an application protocol packet when it matches all the following conditions in a mapping:
· The packet is destined for the specified IP subnet in the mapping.
· The packet's destination port matches the specified port in the mapping.
· The transport layer protocol that encapsulates the packet matches the specified transport layer protocol if you specify a transport layer protocol in the mapping.
If multiple subnet-based mappings are applied to packets and these subnets overlap, APR matches the packets destined for the overlapped segment with the port mapping of the subnet that has the smallest range.
If two port mappings are configured with the same port number, transport layer protocol, and subnet, but with different application protocols, the most recent configuration takes effect.
A mapping with the transport layer protocol specified has a higher priority than one without it.
Examples
# Create a mapping of port 3456 to FTP for the packets sent to the IPv4 hosts on subnet 1.1.1.0/24.
<Sysname> system-view
[Sysname] port-mapping application ftp port 3456 subnet ip 1.1.1.0 24
# Create a mapping of port 3456 to FTP for the packets sent to the IPv6 hosts on subnet 1::/120.
<Sysname> system-view
[Sysname] port-mapping application ftp port 3456 subnet ipv6 1:: 120
Related commands
display port-mapping user-defined
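Added example, not part of the vendor documentation: a pre-deployment audit that replays port-mapping commands (general, acl, host, and subnet forms) and applies the rules stated in the usage guidelines above: parameter ranges, most recent configuration replacing an identical mapping, no overlapping host ranges for the same application, and the narrower subnet winning an overlap. The function names are hypothetical, the sample configuration is constructed, and treating the later overlapping host command as the refused one is an assumption.

```python
import ipaddress
import re

PROTOCOLS = {"dccp", "sctp", "tcp", "udp", "udp-lite"}
RESERVED_NAMES = {"invalid", "other"}
COMMAND = re.compile(
    r"^port-mapping application (\S+) port (\d+)(?: protocol (\S+))?(?: (.+))?$")

# Constructed sample configuration; lines 1 and 3 reuse the page's examples.
SAMPLE_CONFIG = [
    "port-mapping application ftp port 3456 subnet ip 1.1.1.0 24",
    "port-mapping application http port 3456 subnet ip 1.1.0.0 255.255.0.0",
    "port-mapping application ftp port 3456 host ip 1.1.1.1 1.1.1.10",
    "port-mapping application ftp port 3456 host ip 1.1.1.5 1.1.1.20",
    "port-mapping application telnet port 3456 host ip 1.1.1.1 1.1.1.10",
    "port-mapping application other port 80 protocol tcp",
    "port-mapping application ftp port 2121 protocol tcp acl 2000",
]


def parse_mapping(line):
    """Return (application, port, protocol, target); raise ValueError if invalid."""
    m = COMMAND.match(" ".join(line.split()))
    if not m:
        raise ValueError("not a port-mapping command")
    app, port, proto = m.group(1).lower(), int(m.group(2)), m.group(3)
    if len(app) > 63 or app in RESERVED_NAMES:
        raise ValueError("application name must be 1-63 characters, not invalid/other")
    if port > 65535:
        raise ValueError("port must be in the range 0 to 65535")
    if proto is not None and proto not in PROTOCOLS:
        raise ValueError(f"unknown transport layer protocol {proto!r}")
    rest = (m.group(4) or "").split()
    if not rest:
        return app, port, proto, ("general",)
    kind, args, keyword = rest[0], rest[1:], None
    if args and args[0] in ("ip", "ipv6"):
        keyword, args = args[0], args[1:]
    family = 6 if keyword == "ipv6" else 4
    if kind == "acl" and keyword != "ip" and len(args) == 1:
        if not 2000 <= int(args[0]) <= 2999:
            raise ValueError("ACL number must be in the range 2000 to 2999")
        return app, port, proto, ("acl", family, int(args[0]))
    if kind == "host" and keyword and len(args) in (1, 2):
        start, end = ipaddress.ip_address(args[0]), ipaddress.ip_address(args[-1])
        if {start.version, end.version} != {family}:
            raise ValueError("address does not match the ip/ipv6 keyword")
        if len(args) == 2 and end <= start:
            raise ValueError("end IP address must be higher than start IP address")
        return app, port, proto, ("host", start, end)
    if kind == "subnet" and keyword and len(args) == 2:
        net = ipaddress.ip_network(f"{args[0]}/{args[1]}", strict=False)
        if net.version != family or net.prefixlen == 0:
            raise ValueError("subnet does not match the keyword or length range")
        return app, port, proto, ("subnet", net)
    raise ValueError("unrecognized port-mapping form")


def audit(lines):
    """Replay commands in order; return (effective mappings, findings)."""
    effective, findings = {}, []
    for number, line in enumerate(lines, 1):
        try:
            app, port, proto, target = parse_mapping(line)
        except ValueError as err:
            findings.append((number, "rejected", str(err)))
            continue
        # Earlier mappings of the same kind on the same port and protocol.
        peers = [(k[2], a) for k, a in effective.items()
                 if k[:2] == (port, proto) and k[2][0] == target[0] and k[2] != target]
        if target[0] == "host" and any(
                a == app and t[1].version == target[1].version
                and t[1] <= target[2] and target[1] <= t[2] for t, a in peers):
            # Assumption: the later, overlapping command is the one refused.
            findings.append((number, "host-overlap", line))
            continue
        if target[0] == "subnet":
            for t, a in peers:
                if a != app and t[1].overlaps(target[1]):
                    # The subnet with the smallest range takes the overlap.
                    narrow = max(t[1], target[1], key=lambda n: n.prefixlen)
                    winner = a if narrow == t[1] else app
                    findings.append(
                        (number, "subnet-overlap", f"{narrow} is classified as {winner}"))
        previous = effective.get((port, proto, target))
        if previous not in (None, app):
            # Same port, protocol and target: the most recent command wins.
            findings.append((number, "replaced", f"{previous} -> {app}"))
        effective[(port, proto, target)] = app
    return effective, findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG)[1]:
        print(finding)
```
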
reset application statistics
Use reset application statistics to clear application statistics for interfaces.
Syntax
reset application statistics [ interface interface-type interface-number ]
Views
User view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command clears application statistics for all interfaces.
Examples
# Clear application statistics for GigabitEthernet 1/0.
<Sysname> reset application statistics interface gigabitethernet 1/0
# Clear application statistics for all interfaces.
<Sysname> reset application statistics
Related commands
application statistics enable
display application statistics