service protocol (authentication policy rule view)

Function

The service protocol command references a TCP/UDP/SCTP port or IP-layer protocol in an authentication policy.

The undo service protocol command cancels the reference of the TCP/UDP/SCTP port or IP-layer protocol in the authentication policy.

Format

# Reference a TCP/UDP/SCTP port in the authentication policy. If the port is not specified, the default value is TCP, UDP, or SCTP.

service protocol { { 17 | udp } | { 6 | tcp } | { 132 | sctp } } [ source-port { source-port | start-source-port to end-source-port } &<1-64> | destination-port { destination-port | start-destination-port to end-destination-port } &<1-64> ] *

# Cancel the reference of the TCP/UDP/SCTP port in the authentication policy.

undo service protocol { { 17 | udp } | { 6 | tcp } | { 132 | sctp } } [ source-port { source-port | start-source-port to end-source-port } &<1-64> | destination-port { destination-port | start-destination-port to end-destination-port } &<1-64> ] *

# Reference the ICMP packet type in the authentication policy.

service protocol { 1 | icmp } [ icmp-type { icmp-name | icmp-type-number { icmp-code-number [ to icmp-code-number ] } &<1-64> } ]

# Cancel the reference of the ICMP packet type in the authentication policy.

undo service protocol { 1 | icmp } [ icmp-type { icmp-name | icmp-type-number { icmp-code-number [ to icmp-code-number ] } &<1-64> } ]

# Reference the ICMPv6 packet type in the authentication policy.

service protocol { 58 | icmpv6 } [ icmpv6-type { icmpv6-name | icmpv6-type-number { icmpv6-code-number [ to icmpv6-code-number ] } &<1-64> } ]

# Cancel the reference of the ICMPv6 packet type in the authentication policy.

undo service protocol { 58 | icmpv6 } [ icmpv6-type { icmpv6-name | icmpv6-type-number { icmpv6-code-number [ to icmpv6-code-number ] } &<1-64> } ]

# Reference IP-layer protocols except 1-ICMP, 6-TCP, 17-UDP, 58-ICMPv6, and 132-SCTP in the authentication policy. For detailed mappings, refer to the standard IP-layer protocol number list.

service protocol protocol-number

# Cancel the reference of IP-layer protocols except 1-ICMP, 6-TCP, 17-UDP, 58-ICMPv6, and 132-SCTP in the authentication policy.

undo service protocol protocol-number

Parameters

| Parameter | Description | Value |
|---|---|---|
| 17 \| udp | Indicates the User Datagram Protocol (UDP). | - |
| 6 \| tcp | Indicates the Transmission Control Protocol (TCP). | - |
| 132 \| sctp | Indicates the Stream Control Transmission Protocol (SCTP). | - |
| source-port { source-port \| start-source-port to end-source-port } &<1-64> | Specifies the source port or source port range. | The value is an integer ranging from 0 to 65535. A maximum of 64 source ports or source port ranges can be added or deleted at a time. |
| destination-port { destination-port \| start-destination-port to end-destination-port } &<1-64> | Specifies the destination port or destination port range. | The value is an integer ranging from 0 to 65535. A maximum of 64 destination ports or destination port ranges can be added or deleted at a time. |
| 1 \| icmp | Indicates the Internet Control Message Protocol (ICMP). | - |
| icmp-type | Indicates the ICMP packet type and message code. | - |
| icmp-name | Specifies the ICMP packet type name. | - |
| icmp-type-number { icmp-code-number [ to icmp-code-number ] } &<1-64> | Specifies the ICMP packet type number and message code. | The value is an integer ranging from 0 to 255. A maximum of 64 groups of type numbers and message codes (ranges) can be added or deleted at a time. |
| 58 \| icmpv6 | Indicates the Internet Control Message Protocol version 6 (ICMPv6). | - |
| icmpv6-type | Indicates the ICMPv6 packet type and message code. | - |
| icmpv6-name | Specifies the ICMPv6 packet type name. | - |
| icmpv6-type-number { icmpv6-code-number [ to icmpv6-code-number ] } &<1-64> | Specifies the ICMPv6 packet type number and message code. | The value is an integer ranging from 0 to 255. A maximum of 64 groups of type numbers and message codes (ranges) can be added or deleted at a time. |
| protocol-number | Specifies an IP-layer protocol number except 1-ICMP, 6-TCP, 17-UDP, 58-ICMPv6, and 132-SCTP. | The value is an integer ranging from 0 to 255. |

Views

Authentication policy rule view

Default Level

2: Configuration level

Usage Guidelines

If you want to reference a port in an authentication policy, you can configure a user-defined service set and reference the service set in the authentication policy.

If there are not many ports, you can run the service protocol command to reference the port or IP-layer protocol directly in the authentication policy to simplify configuration.

It is recommended that the configured command contain no more than 500 characters.

Example

# Reference UDP source port 1024 in the authentication policy as a policy matching condition.

<sysname> system-view
[sysname] auth-policy
[sysname-policy-auth] rule name auth3
[sysname-policy-auth-rule-auth3] service protocol udp source-port 1024
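
The limits listed under Parameters and Usage Guidelines can be checked offline before a rule is pushed to a device. The following Python linter is an added example, not vendor code: the function names are hypothetical, it covers the TCP/UDP/SCTP and protocol-number forms only, and it leaves icmp-type and icmpv6-type arguments unchecked.

```python
# Added example: offline linter for "service protocol" lines. Names are hypothetical.
L4_PROTOCOLS = {"17", "udp", "6", "tcp", "132", "sctp"}
PORT_KEYS = ("source-port", "destination-port")

def lint_ports(tokens):
    """Check the source-port/destination-port arguments of a TCP/UDP/SCTP reference."""
    problems, key, counts, i = [], None, {}, 0
    while i < len(tokens):
        if tokens[i] in PORT_KEYS:
            key = tokens[i]
            counts.setdefault(key, 0)
            i += 1
            continue
        # One entry is either "N" or "N to M"; a dangling "N to" is kept and flagged.
        entry = tokens[i:i + 3] if tokens[i + 1:i + 2] == ["to"] else tokens[i:i + 1]
        i += len(entry)
        text = " ".join(entry)
        if key is None:
            problems.append(f"'{text}' appears before source-port/destination-port")
            continue
        counts[key] += 1
        if len(entry) == 2 or not all(b.isdecimal() and int(b) <= 65535 for b in entry[::2]):
            problems.append(f"{key} '{text}': expected integers in 0-65535")
    for k, n in counts.items():
        if n == 0:
            problems.append(f"{k}: no port given")
        elif n > 64:
            problems.append(f"{k}: {n} entries, at most 64 per command")
    return problems

def lint_service_protocol(line):
    """Return the problems found in one (undo) service protocol line; [] means clean."""
    problems = []
    if len(line) > 500:
        problems.append("command exceeds the recommended 500 characters")
    tokens = line.split()
    if tokens[:1] == ["undo"]:
        tokens = tokens[1:]
    if tokens[:2] != ["service", "protocol"] or len(tokens) < 3:
        return problems + ["not a service protocol command"]
    proto, rest = tokens[2], tokens[3:]
    if proto in L4_PROTOCOLS:
        problems += lint_ports(rest)
    elif proto in {"1", "icmp", "58", "icmpv6"}:
        pass  # icmp-type / icmpv6-type arguments are not checked in this example
    elif not (proto.isdecimal() and int(proto) <= 255):
        problems.append(f"protocol-number '{proto}' is not an integer in 0-255")
    elif rest:
        problems.append("the protocol-number form takes no further arguments")
    return problems
```
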
Copyright © Huawei Technologies Co., Ltd.