Command Reference Guide
62 ● detect 3Com Router 5000 Family and Router 6000 Family
Command Reference
detect
Purpose Use the detect command to specify ASPF policy for application layer protocols.
Use the undo detect command to cancel the configuration.
SyntaxSyntax detect protocol [ java-blocking acl-number ] [ aging-time seconds ]
undo detect protocol
Parameters protocol
Name of the protocol supported by ASPF. It can be an
application layer protocol of ftp, http, h323, smtp, or
rtsp, or a transport layer protocol of tcp or udp.
seconds
Configures the idle timeout time of the protocol (in
seconds). Valid values are 5 to 43200.
If no value is specified, the default TCP-based timeout
time is 3600 seconds, and the default UDP-based
timeout time is 30 seconds.
java-blocking
Configures to block the Java Applets to specified
network segment packets, valid only when the
protocol is HTTP.
acl-number
Basic ACL number. Valid values are 2000 to 2999.
Example Configure to specify an ASPF policy for HTTP protocol with policy number 1. At the
same time, permit Java blocking and set ACL2000 to make ASPF able to filter Java
Applets from destination server 10.1.1.1.
[3Com] acl number 2000
[3Com-acl-basic-2000] rule deny source 10.1.1.1 0
[3Com-acl-basic-2000] rule permit any
[3Com-acl-basic-2000] quit
[3Com] aspf-policy 1
[3Com-aspf-policy-1] detect http java-blocking 2000
View This command can be used in the following views:
■ ASPF Policy view
Description When the protocol is HTTP, Java blocking is permitted.
If both application layer protocol specific detection and generic TCP/UDP-based
detection are configured, the former has priority.
ASPF uses the timeout mechanism to manage session state information of protocols
so that it can decide when to stop managing the state information of a session or
delete a session that cannot be set up normally. The timeout time setting is a global