HP FlexNetwork MSR Series Command Reference Manual page 720
Comware 7 security
Hide thumbs
Also See for FlexNetwork MSR Series:
- Configuration manual (392 pages) ,
- Configuration manuals (159 pages)
Advertisement
Parameters
application application-name: Specifies an application protocol by its name, a case-insensitive
string of 1 to 63 characters. The names invalid and other are not allowed.
port port-number: Specifies a port by its number, in the range of 0 to 65535.
protocol protocol-name: Specifies a transport layer protocol by its name, including:
•
dccp: Specifies DCCP.
•
sctp: Specifies SCTP.
•
tcp: Specifies TCP.
•
udp: Specifies UDP.
•
udp-lite: Specifies UDP-Lite.
ip ipv4-address { mask-length | mask }: Specifies an IPv4 subnet.
•
The ipv4-address argument specifies the IPv4 network address.
•
The mask-length argument specifies the mask length of the IPv4 subnet, in the range of 1 to 32.
•
The mask argument specifies the subnet mask in dotted decimal notation.
ipv6 ipv6-address prefix-length: Specifies an IPv6 subnet. The ipv6-address argument specifies the
IPv6 network address, and the prefix-length argument specifies the length of the IPv6 prefix, in the
range of 1 to 128.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a
case-sensitive string of 1 to 31 characters. If you configure a mapping for the public network, do not
specify this option.
Usage guidelines
APR uses subnet-based host-port mappings to recognize packets. A packet is recognized as an
application protocol packet when it matches all the following conditions in a mapping:
•
The packet is destined for the specified IP subnet in the mapping.
•
The packet's destination port matches the specified port in the mapping.
•
The transport layer protocol that encapsulates the packet matches the specified transport layer
protocol if you specify a transport layer protocol in the mapping.
If multiple subnet-based mappings are applied to packets and these subnets overlap, APR matches
the packets destined for the overlapped segment with the port mapping of the subnet that has the
smallest range.
If two port mappings are configured with the same port number, transport layer protocol, and subnet,
but with different application protocols, the most recent configuration takes effect.
A mapping with the transport layer protocol specified has a higher priority than one without it.
Examples
# Create a mapping of port 3456 to FTP for the packets sent to the IPv4 hosts on subnet 1.1.1.0/24.
<Sysname> system-view
[Sysname] port-mapping application ftp port 3456 subnet ip 1.1.1.0 24
# Create a mapping of port 3456 to FTP for the packets sent to the IPv6 hosts on subnet 1:: /120.
<Sysname> system-view
[Sysname] port-mapping application ftp port 3456 subnet ipv6 1:: 120
Related commands
display port-mapping user-defined
702
Advertisement
