R2511-HP MSR Router Series Security Configuration Guide(V5)

ManualsBrandsHP ManualsNetwork HardwareHP MSR1003-8 AC Router

361

362

363

364

365

366

367

368

369

370

352

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enter ASPF policy view.

aspf-policy aspf-policy-number N/A

3. Enable the session logging

function of the ASPF.

log enable

Optional.

Disabled by default.

Configuring port mapping

Two mapping mechanisms exist: general port mapping and basic ACL–based host port mapping.

• General port mapping—Refers to a mapping of a user-defined port number to an application layer

protocol. If port 8080 is mapped to HTTP, for example, all TCP packets the destination port of which

is port 8080 are regarded as HTTP packets.

• Host port mapping—Refers to a mapping of a user-defined port number to an application layer

protocol for packets to some specific hosts. For example, you can establish a host port mapping so

that all TCP packets using port 8080 sent to the network segment 10.110.0.0 are regarded as HTTP

packets. The address range of hosts can be specified by means of a basic ACL.

To configure port mapping:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Configure mapping between

the port and the application

protocol.

port-mapping application-name

port port-number [ acl acl-number ]

Not configured by default.

The application layer protocols

supported by this function include

FTP, H323, HTTP, HTTPS, IKE,

RTSP, SMTP, SSH, and VAM.

Displaying and maintaining ASPF

Task Command

Remarks

Display all ASPF policy and

session information.

display aspf all [ | { begin | exclude |

include } regular-expression ]

Available in any view.

Display the ASPF policy

configuration applied the

interface.

display aspf interface [ | { begin | exclude |

include } regular-expression ]

Available in any view.

Display the configuration

information of a specific ASPF

policy.

display aspf policy aspf-policy-number [ |

{ begin | exclude | include }

regular-expression ]

Available in any view.

Display ASPF session information.

display aspf session [ verbose ] [ | { begin |

exclude | include } regular-expression ]

Available in any view.

Display the port mapping

information.

display port-mapping [ application-name |

port port-number ] [ | { begin | exclude |

include } regular-expression ]

Available in any view.

Clear ASPF session. reset aspf session Available in user view.