The ip-address command sets the IPv4 address in a user-defined application rule.
The undo ip-address command deletes the IPv4 address in a user-defined application rule.
ip-address ip-address [ mask | mask-length ]
undo ip-address { ip-address [ mask | mask-length ] | all }
| Parameter | Description | Value |
|---|---|---|
ip-address |
Specifies an IPv4 address. |
The value is in dotted decimal notation. |
mask |
Specifies the subnet mask. |
The value is in dotted decimal notation. |
mask-length |
Specifies the mask length. |
The value is an integer ranging from 1 to 32. |
all |
Deletes all IPv4 addresses. |
- |
You can set a single IPv4 address in a user-defined application rule or set the subnet mask or mask length to specify a network segment.
After you configure the IPv4 address, the SA engine will use the transport layer protocol and ports, that is, the 3-tuple to match the network packets. If you know the destination 3-tuple of the detecting flow, you can configure a user-defined 3-tuple to accelerate the application identification. For example, if you have a server, you can configure a 3-tuple rule according to the IPv4 address, port, and protocol of the server, so the rule can identify all the accessing flow to this server. At least one IPv4 address or one port should be in the 3-tuple rule. Note that the IPv4 address set here is only the destination IPv4 address.
The total number of IPv4 and IPv6 addresses in a user-defined application rule cannot be larger than four.