Manualshelf

R0106-HP MSR Router Series Security Configuration Guide(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR4060 Router Chassis
381382383384385386387388389390
373
If a packet is recognized as the packet of an application protocol in an application group, the packet is
considered to be the packet of the application group. Features such as QoS and ASPF can handle
packets belonging to the same group in bulk.
The following types of application groups are available:
Pre-defined—The pre-defined application groups exist on the device by default, and you cannot
modify or delete these application groups. To display the pre-defined application groups, use the
display app-group pre-defined command.
User-defined—The user-defined application groups are manually created, and you can modify or
delete these application groups. To display the user-defined application groups, use the display
app-group user-defined command.
Configuring PBAR
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Configure a port
mapping.
Configure a general port mapping:
port-mapping application application-name
port port-number [ protocol protocol-name ]
Configure an ACL-based host-port mapping:
port-mapping application application-name
port port-number [ protocol protocol-name ]
acl [ ipv6 ] acl-number
Configure a subnet-based host-port mapping:
port-mapping application application-name
port port-number [ protocol protocol-name ]
subnet { ip ipv4-address { mask-length |
mask } | ipv6 ipv6-address prefix-length }
[ vpn-instance vpn-instance-name ]
Configure an IP address-based host-port
mapping:
port-mapping application application-name
port port-number [ protocol protocol-name ]
host { ip | ipv6 } start-ip-address
[ end-ip-address ] [ vpn-instance vpn-
instance-name ]
By default, all application
protocols map with well-known
ports.
You can configure these
commands together.
The priority of these port
mappings for a single packet
ranges from IP address-based,
subnet-based, ACL-based
host-port mappings to general
port mapping in a descending
order. A port mapping with
specified transport layer
protocol has higher priority
than that without.
If the specified application
protocol does not exist, the
system first creates the protocol.
Configuring application groups
The device supports up to 65535 applications groups, and each application group contains up to 65535
user-defined application protocols.
To configure an application group:
Step Command
Remarks
1. Enter system view.
system-view N/A