4000 Router Series Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router

361

362

363

364

365

366

367

368

369

370

352

undo port-mapping application application-name port port-number [ protocol protocol-name ] subnet

{ ip ipv4-address { mask-length | mask } | ipv6 ipv6-address prefix-length } [ vpn-instance

vpn-instance-name ]

Default

An application protocol is mapped to a well-known port.

Views

System view

Predefined user roles

network-admin

Parameters

application application-name: Specifies an application protocol by its name, a case-insensitive string.

The name must be recognizable to the device.

port port-number: Specifies a port by its number, in the range of 0 to 65535.

protocol protocol-name: Specifies a transport layer protocol by its name, including:

• dccp: Specifies DCCP.

• sctp: Specifies SCTP.

• tcp: Specifies TCP.

• udp: Specifies UDP.

• udp-lite: Specifies UDP-Lite.

ip ipv4-address { mask-length | mask }: Specifies an IPv4 subnet. The ipv4-address argument specifies

the IPv4 network address, the mask-length argument specifies the mask length of the IPv4 subnet, in the

range of 1 to 32, and the mask argument specifies the subnet mask in dotted decimal notation.

ipv6 ipv6-address prefix-length: Specifies an IPv6 subnet. The ipv6-address argument specifies the IPv6

network address, and the prefix-length argument specifies the length of the IPv6 prefix, in the range of 1

to 128.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN by its name, a case-sensitive string of 1 to 31

characters. If you configure a mapping for the public network, do not specify this option.

Usage guidelines

If no transport layer protocol is specified, all packets encapsulated by the transport layer protocols are

recognized as the packets of the specified application protocol.

For packets destined for the specified subnet, if the destination port of these packets matches a port

mapping, APR recognizes them as the packets of the specified application protocol.

APR uses a very precise method to match the packets. If multiple subnet-based mappings are applied to

packets and these subnets overlap, APR matches the packets destined for the overlapped segment with

the port mapping of the subnet that has the smallest range.

If two port mappings are configured with the same port number, transport layer protocol, and subnet, but

with different application protocols, the most recent configuration takes effect.

A mapping with specified transport layer protocol has a higher priority than that without.

Examples

# Create a mapping of port 3456 to FTP for the packets sent to the IPv4 hosts on subnet 1.1.1.0/24.

<Sysname> system-view