No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - QoS

AR100-S, AR110-S, AR120-S, AR150-S, AR160-S, AR200-S, AR1200-S, AR2200-S, and AR3200-S V200R009

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring SA Applications

Configuring SA Applications

(Optional) Specifying Parameters for SA Detection

Context

Signature identification technology determines an application by detecting character codes in packets. Because character codes of some protocols are embedded in multiple packets, signature identification technology must collect and analyze multiple packets. Signature identification technology can identify the protocol type only when detection parameters in packets are set correctly. The default values of detection parameters in packets are recommended.

Procedure

  1. Run sa

    The SA view is displayed.

  2. Run detect max-packets max-packets

    The maximum number of packets to be detected in a session of the SA module is set.

  3. Run detect max-bytes max-bytes

    The maximum number of bytes to be detected in a session of the SA module is set.

  4. Run port-identification packet-number-threshold packets

    The packet number threshold is set for the SA module to enable port information-based identification.

  5. Run detect uni-direction

    Unidirectional detection of the SA module is enabled.

(Optional) Configuring a User-Defined SA Application

Context

Generally, the built-in SA application signature database can identify various common SA applications. For an SA application that is not included in the predefined applications, you can create an SA application based on signatures of the application.

For SA applications, the router can create rules based on the triplet, keyword, or a combination of them. The triplet refers to the server IP address, protocol type, and port number. A keyword is a signature of a data packet or a data flow corresponding to the application and uniquely identifies the application.

Table 12-2  Rule creation

Content

Rule Creation Mode

Server address, protocol type, and fixed port number

Triplet

Server address, protocol type, and variable port number

Keyword

Identical port number for two or more services

Triplet + keyword

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run sa

    The SA view is displayed.

  3. Run user-defined-application name name

    A user-defined application is created and its view is displayed.

  4. (Optional) Run description description

    A description is configured for the user-defined application.

    By default, no description is configured for a user-defined application.

  5. (Optional) Configure basic attributes of the user-defined application.
    1. Run category category sub-category sub-category

      A category and a subcategory are configured for the user-defined application.

      By default, the category and sub-category of a user-defined application are General and Other, respectively.

    2. Run data-model { unassigned | client-server | browser-based | networking | peer-to-peer }

      A data model is configured for the user-defined application.

      By default, the data model of a user-defined application is unassigned.

    3. Run label label-name &<1-8>

      A label is configured for the user-defined application.

      By default, no label is configured for a user-defined application.

  6. Configure a user-defined application rule.

    1. Run rule name name

      A user-defined application rule is created and its view is displayed.

      By default, no user-defined application rule is configured.

    2. (Optional) Run description description

      A description is configured for the user-defined application rule.

      By default, no description is configured for a user-defined application rule.

    3. Configure a user-defined application rule.
      1. Run ip-address ip-address [ mask | mask-length ]

        The IPv4 address is configured for the user-defined application rule.

        By default, no IPv4 address is configured for a user-defined application rule.

      2. Run port port

        The port number is configured for the user-defined application rule.

        By default, no port number is configured for a user-defined application rule.

      3. (Optional) Run protocol { tcp | udp }

        The transport layer protocol type is configured for the user-defined application rule.

        By default, a user-defined application rule uses any type of a transport layer protocol, that is, the rule is valid for both TCP and UDP packets.

      4. (Optional) Run signature context { flow | packet } direction { request | response | both } plain-string plain-string [ field field ]

        A signature is configured for the user-defined application rule.

        By default, no signature is configured for a user-defined application rule.

    NOTE:

    A user-defined application rule contains at least one IP address or one port number.

  7. Run quit

    Exit from the user-defined application rule view.

  8. Run quit

    Exit from the user-defined application view.

  9. Run quit

    Exit from the SA view.

  10. Run engine configuration commit

    The configuration is committed.

    NOTE:

    After a user-defined application is created or modified, you must submit the configuration to activate it. Activating the configuration takes a long period of time. It is recommended that you commit the configuration after performing all user-defined application operations.

Follow-up Procedure

After configuring user-defined applications, you can adjust them as follows:

  • Run the rename new-name command in the user-defined application view to rename an existing user-defined application.
  • Run the rename new-name command in the user-defined application rule view to rename an existing user-defined application rule.
Translation
Download
Updated: 2019-05-17

Document ID: EDOC1000174115

Views: 40605

Downloads: 28

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next