acl

acl
+  capture-filter
   +  ipv4-filter
      +  entry sequence-id number 
         +  action
            +  accept
            +  copy
         +  description string
         +  match
            +  destination-ip
               +  address string
               +  mask string
               +  prefix string
            +  destination-port
               +  operator keyword
               +  range
                  +  end (number | keyword)
                  +  start (number | keyword)
               +  value (number | keyword)
            +  dscp-set (number | keyword)
            +  first-fragment boolean
            +  fragment boolean
            +  icmp
               +  code number
               +  type (number | keyword)
            +  protocol (number | keyword)
            +  source-ip
               +  address string
               +  mask string
               +  prefix string
            +  source-port
               +  operator keyword
               +  range
                  +  end (number | keyword)
                  +  start (number | keyword)
               +  value (number | keyword)
            +  tcp-flags string
         -  tcam-entries number
   +  ipv6-filter
      +  entry sequence-id number 
         +  action
            +  accept
            +  copy
         +  description string
         +  match
            +  destination-ip
               +  address string
               +  mask string
               +  prefix string
            +  destination-port
               +  operator keyword
               +  range
                  +  end (number | keyword)
                  +  start (number | keyword)
               +  value (number | keyword)
            +  dscp-set (number | keyword)
            +  icmp6
               +  code number
               +  type (number | keyword)
            +  next-header (number | keyword)
            +  source-ip
               +  address string
               +  mask string
               +  prefix string
            +  source-port
               +  operator keyword
               +  range
                  +  end (number | keyword)
                  +  start (number | keyword)
               +  value (number | keyword)
            +  tcp-flags string
         -  tcam-entries number
+  cpm-filter
   +  ipv4-filter
      +  entry sequence-id number 
         +  action
            +  accept
               +  log boolean
               +  rate-limit
                  +  policer reference
                  +  system-cpu-policer reference
            +  drop
               +  log boolean
         +  description string
         +  match
            +  destination-ip
               +  address string
               +  mask string
               +  prefix string
            +  destination-port
               +  operator keyword
               +  range
                  +  end (number | keyword)
                  +  start (number | keyword)
               +  value (number | keyword)
            +  dscp-set (number | keyword)
            +  first-fragment boolean
            +  fragment boolean
            +  icmp
               +  code number
               +  type (number | keyword)
            +  protocol (number | keyword)
            +  source-ip
               +  address string
               +  mask string
               +  prefix string
            +  source-port
               +  operator keyword
               +  range
                  +  end (number | keyword)
                  +  start (number | keyword)
               +  value (number | keyword)
            +  tcp-flags string
         -  statistics
            -  distributed-policer
               -  conforming-octets number
               -  conforming-packets number
               -  exceeding-octets number
               -  exceeding-packets number
            -  last-clear string
            -  last-match string
            -  matched-packets number
            -  system-cpu-policer
               -  conforming-octets number
               -  conforming-packets number
               -  exceeding-octets number
               -  exceeding-packets number
         -  tcam-entries number
      -  last-clear string
      +  statistics-per-entry boolean
   +  ipv6-filter
      +  entry sequence-id number 
         +  action
            +  accept
               +  log boolean
               +  rate-limit
                  +  policer reference
                  +  system-cpu-policer reference
            +  drop
               +  log boolean
         +  description string
         +  match
            +  destination-ip
               +  address string
               +  mask string
               +  prefix string
            +  destination-port
               +  operator keyword
               +  range
                  +  end (number | keyword)
                  +  start (number | keyword)
               +  value (number | keyword)
            +  dscp-set (number | keyword)
            +  icmp6
               +  code number
               +  type (number | keyword)
            +  next-header (number | keyword)
            +  source-ip
               +  address string
               +  mask string
               +  prefix string
            +  source-port
               +  operator keyword
               +  range
                  +  end (number | keyword)
                  +  start (number | keyword)
               +  value (number | keyword)
            +  tcp-flags string
         -  statistics
            -  distributed-policer
               -  conforming-octets number
               -  conforming-packets number
               -  exceeding-octets number
               -  exceeding-packets number
            -  last-clear string
            -  last-match string
            -  matched-packets number
            -  system-cpu-policer
               -  conforming-octets number
               -  conforming-packets number
               -  exceeding-octets number
               -  exceeding-packets number
         -  tcam-entries number
      -  last-clear string
      +  statistics-per-entry boolean
   +  mac-filter
      +  entry sequence-id number 
         +  action
            +  accept
               +  log boolean
               +  rate-limit
                  +  policer reference
                  +  system-cpu-policer reference
            +  drop
               +  log boolean
         +  description string
         +  match
            +  destination-mac
               +  address string
               +  mask string
            +  ethertype (string | keyword)
            +  source-mac
               +  address string
               +  mask string
            +  vlan
               +  outermost-vlan-id
                  +  none 
                  +  operator keyword
                  +  range
                     +  end number
                     +  start number
                  +  value number
         -  statistics
            -  distributed-policer
               -  conforming-octets number
               -  conforming-packets number
               -  exceeding-octets number
               -  exceeding-packets number
            -  last-clear string
            -  last-match string
            -  matched-packets number
            -  system-cpu-policer
               -  conforming-octets number
               -  conforming-packets number
               -  exceeding-octets number
               -  exceeding-packets number
         -  tcam-entries number
      -  last-clear string
      +  statistics-per-entry boolean
-  datapath-programming
   -  forwarding-complex slot-id number complex-id number 
      -  last-completed-timestamp string
      -  programming-complete boolean
+  egress-mac-filtering boolean
+  ipv4-filter name string 
   +  description string
   +  entry sequence-id number 
      +  action
         +  accept
            +  forwarding-class (keyword | reference)
            +  log boolean
            +  rate-limit reference
         +  drop
            +  log boolean
      +  description string
      +  match
         +  destination-ip
            +  address string
            +  mask string
            +  prefix string
         +  destination-port
            +  operator keyword
            +  range
               +  end (number | keyword)
               +  start (number | keyword)
            +  value (number | keyword)
         +  dscp-set (number | keyword)
         +  first-fragment boolean
         +  fragment boolean
         +  icmp
            +  code number
            +  type (number | keyword)
         +  protocol (number | keyword)
         +  source-ip
            +  address string
            +  mask string
            +  prefix string
         +  source-port
            +  operator keyword
            +  range
               +  end (number | keyword)
               +  start (number | keyword)
            +  value (number | keyword)
         +  tcp-flags string
      -  statistics
         -  aggregate
            -  in-last-match string
            -  in-matched-packets number
            -  out-last-match string
            -  out-matched-packets number
         -  last-clear string
         -  per-interface
            -  subinterface name string 
               -  in-last-match string
               -  in-matched-packets number
               -  last-clear string
               -  out-last-match string
               -  out-matched-packets number
      -  tcam-entries
         -  forwarding-complex complex-identifier string 
            -  input-total number
            -  output-total number
            -  single-instance number
   -  last-clear string
   +  statistics-per-entry boolean
   +  subinterface-specific keyword
+  ipv6-filter name string 
   +  description string
   +  entry sequence-id number 
      +  action
         +  accept
            +  forwarding-class (keyword | reference)
            +  log boolean
            +  rate-limit reference
         +  drop
            +  log boolean
      +  description string
      +  match
         +  destination-ip
            +  address string
            +  mask string
            +  prefix string
         +  destination-port
            +  operator keyword
            +  range
               +  end (number | keyword)
               +  start (number | keyword)
            +  value (number | keyword)
         +  dscp-set (number | keyword)
         +  icmp6
            +  code number
            +  type (number | keyword)
         +  next-header (number | keyword)
         +  source-ip
            +  address string
            +  mask string
            +  prefix string
         +  source-port
            +  operator keyword
            +  range
               +  end (number | keyword)
               +  start (number | keyword)
            +  value (number | keyword)
         +  tcp-flags string
      -  statistics
         -  aggregate
            -  in-last-match string
            -  in-matched-packets number
            -  out-last-match string
            -  out-matched-packets number
         -  last-clear string
         -  per-interface
            -  subinterface name string 
               -  in-last-match string
               -  in-matched-packets number
               -  last-clear string
               -  out-last-match string
               -  out-matched-packets number
      -  tcam-entries
         -  forwarding-complex complex-identifier string 
            -  input-total number
            -  output-total number
            -  single-instance number
   -  last-clear string
   +  statistics-per-entry boolean
   +  subinterface-specific keyword
+  mac-filter name string 
   +  description string
   +  entry sequence-id number 
      +  action
         +  accept
            +  forwarding-class (keyword | reference)
            +  log boolean
            +  rate-limit reference
         +  drop
            +  log boolean
      +  description string
      +  match
         +  destination-mac
            +  address string
            +  mask string
         +  ethertype (string | keyword)
         +  source-mac
            +  address string
            +  mask string
         +  vlan
            +  outermost-vlan-id
               +  none 
               +  operator keyword
               +  range
                  +  end number
                  +  start number
               +  value number
      -  statistics
         -  aggregate
            -  in-last-match string
            -  in-matched-packets number
            -  out-last-match string
            -  out-matched-packets number
         -  last-clear string
         -  per-interface
            -  subinterface name string 
               -  in-last-match string
               -  in-matched-packets number
               -  last-clear string
               -  out-last-match string
               -  out-matched-packets number
      -  tcam-entries
         -  forwarding-complex complex-identifier string 
            -  input-total number
            -  output-total number
            -  single-instance number
   -  last-clear string
   +  statistics-per-entry boolean
   +  subinterface-specific keyword
+  policers
   +  policer name string 
      +  entry-specific boolean
      +  max-burst number
      +  peak-rate number
      -  statistics
         -  aggregate
            -  conforming-octets number
            -  conforming-packets number
            -  exceeding-octets number
            -  exceeding-packets number
         -  last-clear string
   +  system-cpu-policer name string 
      +  entry-specific boolean
      +  max-packet-burst number
      +  peak-packet-rate number
      -  statistics
         -  conforming-octets number
         -  conforming-packets number
         -  exceeding-octets number
         -  exceeding-packets number
         -  last-clear string
+  system-filter
   +  ipv4-filter
      +  entry sequence-id number 
         +  action
            +  accept
            +  drop
               +  log boolean
         +  description string
         +  match
            +  destination-ip
               +  address string
               +  mask string
               +  prefix string
            +  destination-port
               +  operator keyword
               +  range
                  +  end (number | keyword)
                  +  start (number | keyword)
               +  value (number | keyword)
            +  dscp-set (number | keyword)
            +  first-fragment boolean
            +  fragment boolean
            +  icmp
               +  code number
               +  type (number | keyword)
            +  protocol (number | keyword)
            +  source-ip
               +  address string
               +  mask string
               +  prefix string
            +  source-port
               +  operator keyword
               +  range
                  +  end (number | keyword)
                  +  start (number | keyword)
               +  value (number | keyword)
            +  tcp-flags string
         -  statistics
            -  last-clear string
            -  last-match string
            -  matched-packets number
         -  tcam-entries number
      -  last-clear string
   +  ipv6-filter
      +  entry sequence-id number 
         +  action
            +  accept
            +  drop
               +  log boolean
         +  description string
         +  match
            +  destination-ip
               +  address string
               +  mask string
               +  prefix string
            +  destination-port
               +  operator keyword
               +  range
                  +  end (number | keyword)
                  +  start (number | keyword)
               +  value (number | keyword)
            +  dscp-set (number | keyword)
            +  icmp6
               +  code number
               +  type (number | keyword)
            +  next-header (number | keyword)
            +  source-ip
               +  address string
               +  mask string
               +  prefix string
            +  source-port
               +  operator keyword
               +  range
                  +  end (number | keyword)
                  +  start (number | keyword)
               +  value (number | keyword)
            +  tcp-flags string
         -  statistics
            -  last-clear string
            -  last-match string
            -  matched-packets number
         -  tcam-entries number
      -  last-clear string
+  tcam-profile keyword

acl Descriptions

acl

Description Top level container for configuration and operational state related to access control lists (ACLs)
Contextacl
Treeacl
ConfigurableTrue
PlatformsSupported on all platforms

capture-filter

Description Top level container for capture filters
Contextacl capture-filter
Treecapture-filter
ConfigurableTrue
PlatformsSupported on all platforms

ipv4-filter

Description Top level container for capture IPv4 filters
Contextacl capture-filter ipv4-filter
Treeipv4-filter
ConfigurableTrue
PlatformsSupported on all platforms
entry sequence-id number
Description List of filter rules.
Context acl capture-filter ipv4-filter entry sequence-id number
Treeentry
ConfigurableTrue
PlatformsSupported on all platforms
sequence-id number
Description A number to indicate the relative evaluation order of the different entries; lower numbered entries are evaluated before higher numbered entries.
Contextacl capture-filter ipv4-filter entry sequence-id number
Range1 to 65535
ConfigurableTrue
PlatformsSupported on all platforms
action
Description Container for the actions to be applied to packets matching the capture filter entry.
Contextacl capture-filter ipv4-filter entry sequence-id number action
Treeaction
ConfigurableTrue
PlatformsSupported on all platforms
match
Description Container for the conditions that determine whether a packet matches this entry
Contextacl capture-filter ipv4-filter entry sequence-id number match
Treematch
ConfigurableTrue
PlatformsSupported on all platforms
destination-ip
Description Packet matching criteria based on destination IPv4 address
Contextacl capture-filter ipv4-filter entry sequence-id number match destination-ip
Treedestination-ip
ConfigurableTrue
PlatformsSupported on all platforms
destination-port
Description

A packet matches this condition if its destination TCP or UDP port number matches the value or range that is specified

The rule should also have a condition that the IP protocol equals 6 (TCP) or 17 (UDP) in order for this to be interpreted correctly.

Contextacl capture-filter ipv4-filter entry sequence-id number match destination-port
Treedestination-port
ConfigurableTrue
PlatformsSupported on all platforms
range
Description Container used to specify a contiguous range of TCP/UDP port numbers
Contextacl capture-filter ipv4-filter entry sequence-id number match destination-port range
Treerange
ConfigurableTrue
PlatformsSupported on all platforms
end (number | keyword)
Description The ending port number to include in the range
Contextacl capture-filter ipv4-filter entry sequence-id number match destination-port range end (number | keyword)
Treeend
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
start (number | keyword)
Description The starting port number to include in the range
Contextacl capture-filter ipv4-filter entry sequence-id number match destination-port range start (number | keyword)
Treestart
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
value (number | keyword)
Description A destination port number
Context acl capture-filter ipv4-filter entry sequence-id number match destination-port value (number | keyword)
Treevalue
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
dscp-set (number | keyword)
Description A list of DSCP values to be matched for incoming packets. An OR match should be performed, such that a packet must match one of the values defined in this list. If the field is left empty then any DSCP value matches.
Contextacl capture-filter ipv4-filter entry sequence-id number match dscp-set (number | keyword)
Treedscp-set
Range0 to 63
Options
  • CS0

  • LE

  • CS1

  • AF11

  • AF12

  • AF13

  • CS2

  • AF21

  • AF22

  • AF23

  • CS3

  • AF31

  • AF32

  • AF33

  • CS4

  • AF41

  • AF42

  • AF43

  • CS5

  • EF

  • CS6

  • CS7

Configurable True
Platforms7250 IXR-10e, 7250 IXR-6e, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D2L, 7250 IXR-10, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D1, 7220 IXR-D2, 7250 IXR-6
first-fragment boolean
Description

Match the first fragment of an IPv4 datagram

A packet matches the true condition if the IPv4 header indicates that the fragment-offset is zero and and the more-fragments bit is 1. It is not valid to configure this leaf without configuring a match value for the fragment leaf.

Contextacl capture-filter ipv4-filter entry sequence-id number match first-fragment boolean
Treefirst-fragment
ConfigurableTrue
PlatformsSupported on all platforms
fragment boolean
Description

Match an IPv4 fragment

A packet matches the true condition if the IPv4 header indicates that the fragment-offset is zero and and the more-fragments bit is 1 or if the IPv4 header indicates that the fragment-offset is greater than 0. A packet matches the false condition if it is unfragmented.

Contextacl capture-filter ipv4-filter entry sequence-id number match fragment boolean
Treefragment
ConfigurableTrue
PlatformsSupported on all platforms
icmp
Description

A packet matches this condition if its ICMP type and code matches one of the specified combinations

The rule should also have a condition that the IP protocol equals 1 (ICMP) in order for this to be interpreted correctly.

Contextacl capture-filter ipv4-filter entry sequence-id number match icmp
Treeicmp
ConfigurableTrue
PlatformsSupported on all platforms
type (number | keyword)
Description Match a single ICMP type value.
Context acl capture-filter ipv4-filter entry sequence-id number match icmp type (number | keyword)
Treetype
Range0 to 255
Options
  • echo-reply

    ICMP Echo Reply

  • dest-unreachable

    ICMP Destination Unreachable

  • source-quench

    ICMP Source Quench

  • redirect

    ICMP Redirect

  • echo

    ICMP Echo

  • router-advertise

    ICMP Router Advertisement

  • router-solicit

    ICMP Router Solicitation

  • time-exceeded

    ICMP Time Exceeded

  • param-problem

    ICMP Parameter Problem

  • timestamp

    ICMP Timestamp

  • timestamp-reply

    ICMP Timestamp Reply

Configurable True
PlatformsSupported on all platforms
protocol (number | keyword)
Description An IPv4 packet matches this condition if its IP protocol type field matches the specified value
Contextacl capture-filter ipv4-filter entry sequence-id number match protocol (number | keyword)
Treeprotocol
Range0 to 255
Options
  • ipv6-hop

    IPv6 hop-by-hop option

  • icmp

    Internet Control Message Protocol

  • igmp

    Internet Group Management Protocol

  • ggp

    Gateway-to-Gateway Protocol

  • ipv4

    IPv4 encapsulation

  • st

    Stream Protocol

  • tcp

    Transmission Control Protocol

  • egp

    Exterior Gateway Protocol

  • igp

    Interior Gateway Protocol

  • udp

    User Datagram Protocol

  • ipv6

    IPv6 encapsulation

  • idrp

    Inter-Domain Routing Protocol

  • rsvp

    Resource Reservation Protocol

  • gre

    Generic Routing Encapsulation

  • esp

    IPSec Encapsulating Security Payload

  • ah

    IPSec Authentication Header

  • icmp6

    IPSec Authentication Header

  • no-next-hdr

    No Next Header for IPv6

  • ipv6-dest-opts

    Destination Options for IPv6

  • eigrp

    Cisco EIGRP

  • ospf

    OSPFv2 and OSPFv3

  • pim

    Protocol Independent Multicast

  • vrrp

    Virtual Router Redundancy Protocol

  • l2tp

    Layer Two Tunneling Protocol

  • sctp

    Stream Control Transmission Protocol

  • mpls-in-ip

    MPLS Encapsulation inside IP

  • rohc

    Robust Header Compression

Configurable True
PlatformsSupported on all platforms
source-ip
Description Packet matching criteria based on source IPv4 address
Contextacl capture-filter ipv4-filter entry sequence-id number match source-ip
Treesource-ip
ConfigurableTrue
PlatformsSupported on all platforms
source-port
Description

A packet matches this condition if its source TCP or UDP port number matches the value or range that is specified

The rule should also have a condition that the IP protocol equals 6 (TCP) or 17 (UDP) in order for this to be interpreted correctly.

Contextacl capture-filter ipv4-filter entry sequence-id number match source-port
Treesource-port
ConfigurableTrue
PlatformsSupported on all platforms
range
Description Container used to specify a contiguous range of TCP/UDP port numbers
Contextacl capture-filter ipv4-filter entry sequence-id number match source-port range
Treerange
ConfigurableTrue
PlatformsSupported on all platforms
end (number | keyword)
Description The ending port number to include in the range
Contextacl capture-filter ipv4-filter entry sequence-id number match source-port range end (number | keyword)
Treeend
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
start (number | keyword)
Description The starting port number to include in the range
Contextacl capture-filter ipv4-filter entry sequence-id number match source-port range start (number | keyword)
Treestart
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
value (number | keyword)
Description A source port number
Context acl capture-filter ipv4-filter entry sequence-id number match source-port value (number | keyword)
Treevalue
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms

ipv6-filter

Description Top level container for capture IPv6 filters
Contextacl capture-filter ipv6-filter
Treeipv6-filter
ConfigurableTrue
PlatformsSupported on all platforms
entry sequence-id number
Description List of filter rules.
Context acl capture-filter ipv6-filter entry sequence-id number
Treeentry
ConfigurableTrue
PlatformsSupported on all platforms
sequence-id number
Description A number to indicate the relative evaluation order of the different entries; lower numbered entries are evaluated before higher numbered entries
Contextacl capture-filter ipv6-filter entry sequence-id number
Range1 to 65535
ConfigurableTrue
PlatformsSupported on all platforms
action
Description Container for the actions to be applied to packets matching the capture filter entry.
Contextacl capture-filter ipv6-filter entry sequence-id number action
Treeaction
ConfigurableTrue
PlatformsSupported on all platforms
match
Description Container for the conditions that determine whether a packet matches this entry
Contextacl capture-filter ipv6-filter entry sequence-id number match
Treematch
ConfigurableTrue
PlatformsSupported on all platforms
destination-ip
Description Packet matching criteria based on destination IPv6 address
Contextacl capture-filter ipv6-filter entry sequence-id number match destination-ip
Treedestination-ip
ConfigurableTrue
PlatformsSupported on all platforms
destination-port
Description

A packet matches this condition if its destination TCP or UDP port number matches the value or range that is specified

The rule should also have a condition that the IP protocol equals 6 (TCP) or 17 (UDP) in order for this to be interpreted correctly.

Contextacl capture-filter ipv6-filter entry sequence-id number match destination-port
Treedestination-port
ConfigurableTrue
PlatformsSupported on all platforms
range
Description Container used to specify a contiguous range of TCP/UDP port numbers
Contextacl capture-filter ipv6-filter entry sequence-id number match destination-port range
Treerange
ConfigurableTrue
PlatformsSupported on all platforms
end (number | keyword)
Description The ending port number to include in the range
Contextacl capture-filter ipv6-filter entry sequence-id number match destination-port range end (number | keyword)
Treeend
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
start (number | keyword)
Description The starting port number to include in the range
Contextacl capture-filter ipv6-filter entry sequence-id number match destination-port range start (number | keyword)
Treestart
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
value (number | keyword)
Description A destination port number
Context acl capture-filter ipv6-filter entry sequence-id number match destination-port value (number | keyword)
Treevalue
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
dscp-set (number | keyword)
Description A list of DSCP values to be matched for incoming packets. An OR match should be performed, such that a packet must match one of the values defined in this list. If the field is left empty then any DSCP value matches.
Contextacl capture-filter ipv6-filter entry sequence-id number match dscp-set (number | keyword)
Treedscp-set
Range0 to 63
Options
  • CS0

  • LE

  • CS1

  • AF11

  • AF12

  • AF13

  • CS2

  • AF21

  • AF22

  • AF23

  • CS3

  • AF31

  • AF32

  • AF33

  • CS4

  • AF41

  • AF42

  • AF43

  • CS5

  • EF

  • CS6

  • CS7

Configurable True
Platforms7250 IXR-10e, 7250 IXR-6e, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D2L, 7250 IXR-10, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D1, 7220 IXR-D2, 7250 IXR-6
icmp6
Description

A packet matches this condition if its ICMPv6 type and code matches one of the specified combinations

The rule should also have a condition that the next-header value equals 58 (ICMPv6) in order for this to be interpreted correctly.

Contextacl capture-filter ipv6-filter entry sequence-id number match icmp6
Treeicmp6
ConfigurableTrue
PlatformsSupported on all platforms
type (number | keyword)
Description Match a single ICMPv6 type value
Context acl capture-filter ipv6-filter entry sequence-id number match icmp6 type (number | keyword)
Treetype
Range0 to 255
Options
  • dest-unreachable

    ICMPv6 Destination Unreachable

  • packet-too-big

    ICMPv6 Packet Too Big

  • time-exceeded

    ICMPv6 Time Exceeded

  • param-problem

    Parameter Problem

  • echo-request

    ICMPv6 Echo Request

  • echo-reply

    ICMPv6 Echo Reply

  • mld-query

    Multicast Listener Discovery Query

  • mld-report

    Multicast Listener Discovery Report

  • mld-done

    Multicast Listener Discovery Done

  • router-solicit

    ICMPv6 Router Solicitation

  • router-advertise

    ICMPv6 Router Advertisement

  • neighbor-solicit

    ICMPv6 Neighbor Solicitation

  • neighbor-advertise

    ICMPv6 Neighbor Advertisement

  • redirect

    ICMPv6 Redirect

  • router-renumber

    ICMPv6 Router Renumbering

  • node-info-query

    ICMPv6 Node Information Query

  • node-info-response

    ICMPv6 Node Information Response

  • mld-v2

    Multicast Listener Discovery Version 2

  • mcast-rtr-adv

    Multicast Router Advertisement

  • mcast-rtr-solicit

    Multicast Router Solicitation

  • mcast-rtr-term

    Multicast Router Termination

ConfigurableTrue
PlatformsSupported on all platforms
next-header (number | keyword)
Description An IPv6 packet matches this condition if its first next-header field (in the IPv6 fixed header) contains the specified value
Contextacl capture-filter ipv6-filter entry sequence-id number match next-header (number | keyword)
Treenext-header
Range0 to 255
Options
  • ipv6-hop

    IPv6 hop-by-hop option

  • icmp

    Internet Control Message Protocol

  • igmp

    Internet Group Management Protocol

  • ggp

    Gateway-to-Gateway Protocol

  • ipv4

    IPv4 encapsulation

  • st

    Stream Protocol

  • tcp

    Transmission Control Protocol

  • egp

    Exterior Gateway Protocol

  • igp

    Interior Gateway Protocol

  • udp

    User Datagram Protocol

  • ipv6

    IPv6 encapsulation

  • idrp

    Inter-Domain Routing Protocol

  • rsvp

    Resource Reservation Protocol

  • gre

    Generic Routing Encapsulation

  • esp

    IPSec Encapsulating Security Payload

  • ah

    IPSec Authentication Header

  • icmp6

    IPSec Authentication Header

  • no-next-hdr

    No Next Header for IPv6

  • ipv6-dest-opts

    Destination Options for IPv6

  • eigrp

    Cisco EIGRP

  • ospf

    OSPFv2 and OSPFv3

  • pim

    Protocol Independent Multicast

  • vrrp

    Virtual Router Redundancy Protocol

  • l2tp

    Layer Two Tunneling Protocol

  • sctp

    Stream Control Transmission Protocol

  • mpls-in-ip

    MPLS Encapsulation inside IP

  • rohc

    Robust Header Compression

Configurable True
PlatformsSupported on all platforms
source-ip
Description Packet matching criteria based on source IPv6 address
Contextacl capture-filter ipv6-filter entry sequence-id number match source-ip
Treesource-ip
ConfigurableTrue
PlatformsSupported on all platforms
source-port
Description

A packet matches this condition if its source TCP or UDP port number matches the value or range that is specified

The rule should also have a condition that the IP protocol equals 6 (TCP) or 17 (UDP) in order for this to be interpreted correctly.

Contextacl capture-filter ipv6-filter entry sequence-id number match source-port
Treesource-port
ConfigurableTrue
PlatformsSupported on all platforms
range
Description Container used to specify a contiguous range of TCP/UDP port numbers
Contextacl capture-filter ipv6-filter entry sequence-id number match source-port range
Treerange
ConfigurableTrue
PlatformsSupported on all platforms
end (number | keyword)
Description The ending port number to include in the range
Contextacl capture-filter ipv6-filter entry sequence-id number match source-port range end (number | keyword)
Treeend
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
start (number | keyword)
Description The starting port number to include in the range
Contextacl capture-filter ipv6-filter entry sequence-id number match source-port range start (number | keyword)
Treestart
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
value (number | keyword)
Description A source port number
Context acl capture-filter ipv6-filter entry sequence-id number match source-port value (number | keyword)
Treevalue
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms

cpm-filter

Description Top level container for CPM filters
Context acl cpm-filter
Treecpm-filter
ConfigurableTrue
PlatformsSupported on all platforms

ipv4-filter

Description Top level container for CPM IPv4 filters
Contextacl cpm-filter ipv4-filter
Treeipv4-filter
ConfigurableTrue
PlatformsSupported on all platforms
entry sequence-id number
Description List of filter rules.
Context acl cpm-filter ipv4-filter entry sequence-id number
Treeentry
ConfigurableTrue
PlatformsSupported on all platforms
sequence-id number
Description A number to indicate the relative evaluation order of the different entries; lower numbered entries are evaluated before higher numbered entries
Contextacl cpm-filter ipv4-filter entry sequence-id number
Range1 to 65535
ConfigurableTrue
PlatformsSupported on all platforms
action
Description Container for the actions to be applied to packets matching the CPM filter entry.
Contextacl cpm-filter ipv4-filter entry sequence-id number action
Treeaction
ConfigurableTrue
PlatformsSupported on all platforms
accept
Description Accept matching packets and forward them towards their normal destination
Contextacl cpm-filter ipv4-filter entry sequence-id number action accept
Treeaccept
ConfigurableTrue
PlatformsSupported on all platforms
log boolean
Description

When this is true, a log is created for each packet matching the entry

For IP packets matched by an IP filter entry the log entry contains the following information:

For Ethernet packets matched by a MAC filter entry the log entry contains the folllowing information:

Contextacl cpm-filter ipv4-filter entry sequence-id number action accept log boolean
Treelog
Defaultfalse
ConfigurableTrue
PlatformsSupported on all platforms
rate-limit
Description Rate-limit accepted packets
Context acl cpm-filter ipv4-filter entry sequence-id number action accept rate-limit
Treerate-limit
ConfigurableTrue
PlatformsSupported on all platforms
drop
Description

Drop matching packets.

Dropped IP packets do not result in sending ICMP messages back to the source

Contextacl cpm-filter ipv4-filter entry sequence-id number action drop
Treedrop
ConfigurableTrue
PlatformsSupported on all platforms
log boolean
Description

When this is true, a log is created for each packet matching the entry

For IP packets matched by an IP filter entry the log entry contains the following information:

For Ethernet packets matched by a MAC filter entry the log entry contains the folllowing information:

Contextacl cpm-filter ipv4-filter entry sequence-id number action drop log boolean
Treelog
Defaultfalse
ConfigurableTrue
PlatformsSupported on all platforms
match
Description Container for the conditions that determine whether a packet matches this entry
Contextacl cpm-filter ipv4-filter entry sequence-id number match
Treematch
ConfigurableTrue
PlatformsSupported on all platforms
destination-ip
Description Packet matching criteria based on destination IPv4 address
Contextacl cpm-filter ipv4-filter entry sequence-id number match destination-ip
Treedestination-ip
ConfigurableTrue
PlatformsSupported on all platforms
destination-port
Description

A packet matches this condition if its destination TCP or UDP port number matches the value or range that is specified

The rule should also have a condition that the IP protocol equals 6 (TCP) or 17 (UDP) in order for this to be interpreted correctly.

Contextacl cpm-filter ipv4-filter entry sequence-id number match destination-port
Treedestination-port
ConfigurableTrue
PlatformsSupported on all platforms
range
Description Container used to specify a contiguous range of TCP/UDP port numbers
Contextacl cpm-filter ipv4-filter entry sequence-id number match destination-port range
Treerange
ConfigurableTrue
PlatformsSupported on all platforms
end (number | keyword)
Description The ending port number to include in the range
Contextacl cpm-filter ipv4-filter entry sequence-id number match destination-port range end (number | keyword)
Treeend
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
start (number | keyword)
Description The starting port number to include in the range
Contextacl cpm-filter ipv4-filter entry sequence-id number match destination-port range start (number | keyword)
Treestart
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
value (number | keyword)
Description A destination port number
Context acl cpm-filter ipv4-filter entry sequence-id number match destination-port value (number | keyword)
Treevalue
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
dscp-set (number | keyword)
Description A list of DSCP values to be matched for incoming packets. An OR match should be performed, such that a packet must match one of the values defined in this list. If the field is left empty then any DSCP value matches.
Contextacl cpm-filter ipv4-filter entry sequence-id number match dscp-set (number | keyword)
Treedscp-set
Range0 to 63
Options
  • CS0

  • LE

  • CS1

  • AF11

  • AF12

  • AF13

  • CS2

  • AF21

  • AF22

  • AF23

  • CS3

  • AF31

  • AF32

  • AF33

  • CS4

  • AF41

  • AF42

  • AF43

  • CS5

  • EF

  • CS6

  • CS7

Configurable True
Platforms7250 IXR-10e, 7250 IXR-6e, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D2L, 7250 IXR-10, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D1, 7220 IXR-D2, 7250 IXR-6
first-fragment boolean
Description

Match the first fragment of an IPv4 datagram

A packet matches the true condition if the IPv4 header indicates that the fragment-offset is zero and and the more-fragments bit is 1. It is not valid to configure this leaf without configuring a match value for the fragment leaf.

Contextacl cpm-filter ipv4-filter entry sequence-id number match first-fragment boolean
Treefirst-fragment
ConfigurableTrue
PlatformsSupported on all platforms
fragment boolean
Description

Match an IPv4 fragment

A packet matches the true condition if the IPv4 header indicates that the fragment-offset is zero and and the more-fragments bit is 1 or if the IPv4 header indicates that the fragment-offset is greater than 0. A packet matches the false condition if it is unfragmented.

Contextacl cpm-filter ipv4-filter entry sequence-id number match fragment boolean
Treefragment
ConfigurableTrue
PlatformsSupported on all platforms
icmp
Description

A packet matches this condition if its ICMP type and code matches one of the specified combinations

The rule should also have a condition that the IP protocol equals 1 (ICMP) in order for this to be interpreted correctly.

Contextacl cpm-filter ipv4-filter entry sequence-id number match icmp
Treeicmp
ConfigurableTrue
PlatformsSupported on all platforms
code number
Description

Match if the ICMP code value is any value in the list

Requires ICMP type to be specified because codes are type dependent.

Contextacl cpm-filter ipv4-filter entry sequence-id number match icmp code number
Treecode
ConfigurableTrue
PlatformsSupported on all platforms
type (number | keyword)
Description Match a single ICMP type value.
Context acl cpm-filter ipv4-filter entry sequence-id number match icmp type (number | keyword)
Treetype
Range0 to 255
Options
  • echo-reply

    ICMP Echo Reply

  • dest-unreachable

    ICMP Destination Unreachable

  • source-quench

    ICMP Source Quench

  • redirect

    ICMP Redirect

  • echo

    ICMP Echo

  • router-advertise

    ICMP Router Advertisement

  • router-solicit

    ICMP Router Solicitation

  • time-exceeded

    ICMP Time Exceeded

  • param-problem

    ICMP Parameter Problem

  • timestamp

    ICMP Timestamp

  • timestamp-reply

    ICMP Timestamp Reply

Configurable True
PlatformsSupported on all platforms
protocol (number | keyword)
Description An IPv4 packet matches this condition if its IP protocol type field matches the specified value
Contextacl cpm-filter ipv4-filter entry sequence-id number match protocol (number | keyword)
Treeprotocol
Range0 to 255
Options
  • ipv6-hop

    IPv6 hop-by-hop option

  • icmp

    Internet Control Message Protocol

  • igmp

    Internet Group Management Protocol

  • ggp

    Gateway-to-Gateway Protocol

  • ipv4

    IPv4 encapsulation

  • st

    Stream Protocol

  • tcp

    Transmission Control Protocol

  • egp

    Exterior Gateway Protocol

  • igp

    Interior Gateway Protocol

  • udp

    User Datagram Protocol

  • ipv6

    IPv6 encapsulation

  • idrp

    Inter-Domain Routing Protocol

  • rsvp

    Resource Reservation Protocol

  • gre

    Generic Routing Encapsulation

  • esp

    IPSec Encapsulating Security Payload

  • ah

    IPSec Authentication Header

  • icmp6

    IPSec Authentication Header

  • no-next-hdr

    No Next Header for IPv6

  • ipv6-dest-opts

    Destination Options for IPv6

  • eigrp

    Cisco EIGRP

  • ospf

    OSPFv2 and OSPFv3

  • pim

    Protocol Independent Multicast

  • vrrp

    Virtual Router Redundancy Protocol

  • l2tp

    Layer Two Tunneling Protocol

  • sctp

    Stream Control Transmission Protocol

  • mpls-in-ip

    MPLS Encapsulation inside IP

  • rohc

    Robust Header Compression

Configurable True
PlatformsSupported on all platforms
source-ip
Description Packet matching criteria based on source IPv4 address
Contextacl cpm-filter ipv4-filter entry sequence-id number match source-ip
Treesource-ip
ConfigurableTrue
PlatformsSupported on all platforms
source-port
Description

A packet matches this condition if its source TCP or UDP port number matches the value or range that is specified

The rule should also have a condition that the IP protocol equals 6 (TCP) or 17 (UDP) in order for this to be interpreted correctly.

Contextacl cpm-filter ipv4-filter entry sequence-id number match source-port
Treesource-port
ConfigurableTrue
PlatformsSupported on all platforms
range
Description Container used to specify a contiguous range of TCP/UDP port numbers
Contextacl cpm-filter ipv4-filter entry sequence-id number match source-port range
Treerange
ConfigurableTrue
PlatformsSupported on all platforms
end (number | keyword)
Description The ending port number to include in the range
Contextacl cpm-filter ipv4-filter entry sequence-id number match source-port range end (number | keyword)
Treeend
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
start (number | keyword)
Description The starting port number to include in the range
Contextacl cpm-filter ipv4-filter entry sequence-id number match source-port range start (number | keyword)
Treestart
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
value (number | keyword)
Description A source port number
Context acl cpm-filter ipv4-filter entry sequence-id number match source-port value (number | keyword)
Treevalue
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
statistics
Description Statistics container for packets matching the CPM-filter entry
Contextacl cpm-filter ipv4-filter entry sequence-id number statistics
Treestatistics
ConfigurableFalse
PlatformsSupported on all platforms
distributed-policer
Description Distributed policer stats for traffic matching the entry.
Contextacl cpm-filter ipv4-filter entry sequence-id number statistics distributed-policer
Treedistributed-policer
ConfigurableFalse
PlatformsSupported on all platforms except 7220
system-cpu-policer
Description System CPU policer stats for traffic matching the entry.
Contextacl cpm-filter ipv4-filter entry sequence-id number statistics system-cpu-policer
Treesystem-cpu-policer
ConfigurableFalse
PlatformsSupported on all platforms
last-clear string
Description Time of the last clear command performed by the user at this level
Contextacl cpm-filter ipv4-filter last-clear string
Treelast-clear
String Length20 to 32
ConfigurableFalse
PlatformsSupported on all platforms
statistics-per-entry boolean
Description Collect the following statistics per entry: the number of packets matching each entry, and the elapsed time since a packet last matched each entry
Contextacl cpm-filter ipv4-filter statistics-per-entry boolean
Treestatistics-per-entry
ConfigurableTrue
PlatformsSupported on all platforms

ipv6-filter

Description Top level container for CPM IPv6 filters
Contextacl cpm-filter ipv6-filter
Treeipv6-filter
ConfigurableTrue
PlatformsSupported on all platforms
entry sequence-id number
Description List of filter rules.
Context acl cpm-filter ipv6-filter entry sequence-id number
Treeentry
ConfigurableTrue
PlatformsSupported on all platforms
sequence-id number
Description A number to indicate the relative evaluation order of the different entries; lower numbered entries are evaluated before higher numbered entries
Contextacl cpm-filter ipv6-filter entry sequence-id number
Range1 to 65535
ConfigurableTrue
PlatformsSupported on all platforms
action
Description Container for the actions to be applied to packets matching the CPM filter entry.
Contextacl cpm-filter ipv6-filter entry sequence-id number action
Treeaction
ConfigurableTrue
PlatformsSupported on all platforms
accept
Description Accept matching packets and forward them towards their normal destination
Contextacl cpm-filter ipv6-filter entry sequence-id number action accept
Treeaccept
ConfigurableTrue
PlatformsSupported on all platforms
log boolean
Description

When this is true, a log is created for each packet matching the entry

For IP packets matched by an IP filter entry the log entry contains the following information:

For Ethernet packets matched by a MAC filter entry the log entry contains the folllowing information:

Contextacl cpm-filter ipv6-filter entry sequence-id number action accept log boolean
Treelog
Defaultfalse
ConfigurableTrue
PlatformsSupported on all platforms
rate-limit
Description Rate-limit accepted packets
Context acl cpm-filter ipv6-filter entry sequence-id number action accept rate-limit
Treerate-limit
ConfigurableTrue
PlatformsSupported on all platforms
drop
Description

Drop matching packets.

Dropped IP packets do not result in sending ICMP messages back to the source

Contextacl cpm-filter ipv6-filter entry sequence-id number action drop
Treedrop
ConfigurableTrue
PlatformsSupported on all platforms
log boolean
Description

When this is true, a log is created for each packet matching the entry

For IP packets matched by an IP filter entry the log entry contains the following information:

For Ethernet packets matched by a MAC filter entry the log entry contains the folllowing information:

Contextacl cpm-filter ipv6-filter entry sequence-id number action drop log boolean
Treelog
Defaultfalse
ConfigurableTrue
PlatformsSupported on all platforms
match
Description Container for the conditions that determine whether a packet matches this entry
Contextacl cpm-filter ipv6-filter entry sequence-id number match
Treematch
ConfigurableTrue
PlatformsSupported on all platforms
destination-ip
Description Packet matching criteria based on destination IPv6 address
Contextacl cpm-filter ipv6-filter entry sequence-id number match destination-ip
Treedestination-ip
ConfigurableTrue
PlatformsSupported on all platforms
destination-port
Description

A packet matches this condition if its destination TCP or UDP port number matches the value or range that is specified

The rule should also have a condition that the IP protocol equals 6 (TCP) or 17 (UDP) in order for this to be interpreted correctly.

Contextacl cpm-filter ipv6-filter entry sequence-id number match destination-port
Treedestination-port
ConfigurableTrue
PlatformsSupported on all platforms
range
Description Container used to specify a contiguous range of TCP/UDP port numbers
Contextacl cpm-filter ipv6-filter entry sequence-id number match destination-port range
Treerange
ConfigurableTrue
PlatformsSupported on all platforms
end (number | keyword)
Description The ending port number to include in the range
Contextacl cpm-filter ipv6-filter entry sequence-id number match destination-port range end (number | keyword)
Treeend
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
start (number | keyword)
Description The starting port number to include in the range
Contextacl cpm-filter ipv6-filter entry sequence-id number match destination-port range start (number | keyword)
Treestart
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
value (number | keyword)
Description A destination port number
Context acl cpm-filter ipv6-filter entry sequence-id number match destination-port value (number | keyword)
Treevalue
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
dscp-set (number | keyword)
Description A list of DSCP values to be matched for incoming packets. An OR match should be performed, such that a packet must match one of the values defined in this list. If the field is left empty then any DSCP value matches.
Contextacl cpm-filter ipv6-filter entry sequence-id number match dscp-set (number | keyword)
Treedscp-set
Range0 to 63
Options
  • CS0

  • LE

  • CS1

  • AF11

  • AF12

  • AF13

  • CS2

  • AF21

  • AF22

  • AF23

  • CS3

  • AF31

  • AF32

  • AF33

  • CS4

  • AF41

  • AF42

  • AF43

  • CS5

  • EF

  • CS6

  • CS7

Configurable True
Platforms7250 IXR-10e, 7250 IXR-6e, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D2L, 7250 IXR-10, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D1, 7220 IXR-D2, 7250 IXR-6
icmp6
Description

A packet matches this condition if its ICMPv6 type and code matches one of the specified combinations

The rule should also have a condition that the next-header value equals 58 (ICMPv6) in order for this to be interpreted correctly.

Contextacl cpm-filter ipv6-filter entry sequence-id number match icmp6
Treeicmp6
ConfigurableTrue
PlatformsSupported on all platforms
code number
Description

Match if the ICMPv6 code value is any value in the list

Requires ICMPv6 type to be specified because codes are type dependent.

Contextacl cpm-filter ipv6-filter entry sequence-id number match icmp6 code number
Treecode
ConfigurableTrue
PlatformsSupported on all platforms
type (number | keyword)
Description Match a single ICMPv6 type value
Context acl cpm-filter ipv6-filter entry sequence-id number match icmp6 type (number | keyword)
Treetype
Range0 to 255
Options
  • dest-unreachable

    ICMPv6 Destination Unreachable

  • packet-too-big

    ICMPv6 Packet Too Big

  • time-exceeded

    ICMPv6 Time Exceeded

  • param-problem

    Parameter Problem

  • echo-request

    ICMPv6 Echo Request

  • echo-reply

    ICMPv6 Echo Reply

  • mld-query

    Multicast Listener Discovery Query

  • mld-report

    Multicast Listener Discovery Report

  • mld-done

    Multicast Listener Discovery Done

  • router-solicit

    ICMPv6 Router Solicitation

  • router-advertise

    ICMPv6 Router Advertisement

  • neighbor-solicit

    ICMPv6 Neighbor Solicitation

  • neighbor-advertise

    ICMPv6 Neighbor Advertisement

  • redirect

    ICMPv6 Redirect

  • router-renumber

    ICMPv6 Router Renumbering

  • node-info-query

    ICMPv6 Node Information Query

  • node-info-response

    ICMPv6 Node Information Response

  • mld-v2

    Multicast Listener Discovery Version 2

  • mcast-rtr-adv

    Multicast Router Advertisement

  • mcast-rtr-solicit

    Multicast Router Solicitation

  • mcast-rtr-term

    Multicast Router Termination

ConfigurableTrue
PlatformsSupported on all platforms
next-header (number | keyword)
Description An IPv6 packet matches this condition if its first next-header field (in the IPv6 fixed header) contains the specified value
Contextacl cpm-filter ipv6-filter entry sequence-id number match next-header (number | keyword)
Treenext-header
Range0 to 255
Options
  • ipv6-hop

    IPv6 hop-by-hop option

  • icmp

    Internet Control Message Protocol

  • igmp

    Internet Group Management Protocol

  • ggp

    Gateway-to-Gateway Protocol

  • ipv4

    IPv4 encapsulation

  • st

    Stream Protocol

  • tcp

    Transmission Control Protocol

  • egp

    Exterior Gateway Protocol

  • igp

    Interior Gateway Protocol

  • udp

    User Datagram Protocol

  • ipv6

    IPv6 encapsulation

  • idrp

    Inter-Domain Routing Protocol

  • rsvp

    Resource Reservation Protocol

  • gre

    Generic Routing Encapsulation

  • esp

    IPSec Encapsulating Security Payload

  • ah

    IPSec Authentication Header

  • icmp6

    IPSec Authentication Header

  • no-next-hdr

    No Next Header for IPv6

  • ipv6-dest-opts

    Destination Options for IPv6

  • eigrp

    Cisco EIGRP

  • ospf

    OSPFv2 and OSPFv3

  • pim

    Protocol Independent Multicast

  • vrrp

    Virtual Router Redundancy Protocol

  • l2tp

    Layer Two Tunneling Protocol

  • sctp

    Stream Control Transmission Protocol

  • mpls-in-ip

    MPLS Encapsulation inside IP

  • rohc

    Robust Header Compression

Configurable True
PlatformsSupported on all platforms
source-ip
Description Packet matching criteria based on source IPv6 address
Contextacl cpm-filter ipv6-filter entry sequence-id number match source-ip
Treesource-ip
ConfigurableTrue
PlatformsSupported on all platforms
source-port
Description

A packet matches this condition if its source TCP or UDP port number matches the value or range that is specified

The rule should also have a condition that the IP protocol equals 6 (TCP) or 17 (UDP) in order for this to be interpreted correctly.

Contextacl cpm-filter ipv6-filter entry sequence-id number match source-port
Treesource-port
ConfigurableTrue
PlatformsSupported on all platforms
range
Description Container used to specify a contiguous range of TCP/UDP port numbers
Contextacl cpm-filter ipv6-filter entry sequence-id number match source-port range
Treerange
ConfigurableTrue
PlatformsSupported on all platforms
end (number | keyword)
Description The ending port number to include in the range
Contextacl cpm-filter ipv6-filter entry sequence-id number match source-port range end (number | keyword)
Treeend
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
start (number | keyword)
Description The starting port number to include in the range
Contextacl cpm-filter ipv6-filter entry sequence-id number match source-port range start (number | keyword)
Treestart
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
value (number | keyword)
Description A source port number
Context acl cpm-filter ipv6-filter entry sequence-id number match source-port value (number | keyword)
Treevalue
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
statistics
Description Statistics container for packets matching the CPM-filter entry
Contextacl cpm-filter ipv6-filter entry sequence-id number statistics
Treestatistics
ConfigurableFalse
PlatformsSupported on all platforms
distributed-policer
Description Distributed policer stats for traffic matching the entry.
Contextacl cpm-filter ipv6-filter entry sequence-id number statistics distributed-policer
Treedistributed-policer
ConfigurableFalse
PlatformsSupported on all platforms except 7220
system-cpu-policer
Description System CPU policer stats for traffic matching the entry.
Contextacl cpm-filter ipv6-filter entry sequence-id number statistics system-cpu-policer
Treesystem-cpu-policer
ConfigurableFalse
PlatformsSupported on all platforms
last-clear string
Description Time of the last clear command performed by the user at this level
Contextacl cpm-filter ipv6-filter last-clear string
Treelast-clear
String Length20 to 32
ConfigurableFalse
PlatformsSupported on all platforms
statistics-per-entry boolean
Description Collect the following statistics per entry: the number of packets matching each entry, and the elapsed time since a packet last matched each entry
Contextacl cpm-filter ipv6-filter statistics-per-entry boolean
Treestatistics-per-entry
ConfigurableTrue
PlatformsSupported on all platforms

mac-filter

Description Top level container for CPM MAC filter
Contextacl cpm-filter mac-filter
Treemac-filter
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
entry sequence-id number
Description List of filter rules.
Context acl cpm-filter mac-filter entry sequence-id number
Treeentry
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
sequence-id number
Description A number to indicate the relative evaluation order of the different entries; lower numbered entries are evaluated before higher numbered entries
Contextacl cpm-filter mac-filter entry sequence-id number
Range1 to 65535
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
action
Description Container for the actions to be applied to packets matching the CPM filter entry.
Contextacl cpm-filter mac-filter entry sequence-id number action
Treeaction
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
accept
Description Accept matching packets and forward them towards their normal destination
Contextacl cpm-filter mac-filter entry sequence-id number action accept
Treeaccept
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
log boolean
Description

When this is true, a log is created for each packet matching the entry

For IP packets matched by an IP filter entry the log entry contains the following information:

For Ethernet packets matched by a MAC filter entry the log entry contains the folllowing information:

Contextacl cpm-filter mac-filter entry sequence-id number action accept log boolean
Treelog
Defaultfalse
ConfigurableTrue
PlatformsSupported on all platforms
rate-limit
Description Rate-limit accepted packets
Context acl cpm-filter mac-filter entry sequence-id number action accept rate-limit
Treerate-limit
ConfigurableTrue
PlatformsSupported on all platforms
drop
Description

Drop matching packets.

Dropped IP packets do not result in sending ICMP messages back to the source

Contextacl cpm-filter mac-filter entry sequence-id number action drop
Treedrop
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
log boolean
Description

When this is true, a log is created for each packet matching the entry

For IP packets matched by an IP filter entry the log entry contains the following information:

For Ethernet packets matched by a MAC filter entry the log entry contains the folllowing information:

Contextacl cpm-filter mac-filter entry sequence-id number action drop log boolean
Treelog
Defaultfalse
ConfigurableTrue
PlatformsSupported on all platforms
match
Description Container for the conditions that determine whether an Ethernet frame matches this entry
Contextacl cpm-filter mac-filter entry sequence-id number match
Treematch
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
destination-mac
Description Ethernet frame matching criteria based on destination MAC address
Contextacl cpm-filter mac-filter entry sequence-id number match destination-mac
Treedestination-mac
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
mask string
Description Match an Ethernet frame if its destination MAC address logically anded with the mask equals the configured MAC address.
Contextacl cpm-filter mac-filter entry sequence-id number match destination-mac mask string
Treemask
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
ethertype (string | keyword)
Description An Ethernet frame matches this condition if its ethertype value (after 802.1Q VLAN tags) matches the specified value
Contextacl cpm-filter mac-filter entry sequence-id number match ethertype (string | keyword)
Treeethertype
Options
  • ipv4

    Internet Protocol version 4. Ethertype 0x0800.

  • arp

    Address Resolution Protocol. Ethertype 0x0806.

  • ipv6

    Internet Protocol version 6. Ethertype 0x86DD.

  • flow-control

    Ethernet flow control PAUSE frames. Ethertype 0x8808

  • lacp

    LACP. Ethertype 0x8809.

  • mpls-unicast

    MPLS unicast. Ethertype 0x8847.

  • mpls-multicast

    MPLS multicast. Ethertype 0x8848.

  • pppoe-discovery

    PPPoE discovery. Ethertype 0x8863.

  • pppoe-session

    PPPoE session. Ethertype 0x8864.

  • 8021x-authentication

    802.1x authentication (EAP). Ethertype 0x888E.

  • lldp

    Link Layer Discovery Protocol. Ethertype 0x88CC.

  • macsec

    IEEE 802.1AE MAC security. Ethertype 0x88E5.

  • pbb

    Provider Backbone Bridging. Ethertype 0x88E7.

  • ptp

    Precision Time Protocol. Ethertype 0x88F7.

  • eth-oam

    IEEE 802.1ag CFM and ITU-T Y.1731 OAM. Ethertype 0x8902.

  • fcoe

    Fibre Channel over Ethernet. Ethertype 0x8906.

  • fcoe-initialization

    Fibre Channel over Ethernet Initialization Protocol. Ethertype 0x8914.

  • roce

    RDMA over Converged Ethernet. Ethertype 0x8915.

ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
source-mac
Description Ethernet frame matching criteria based on source MAC address
Contextacl cpm-filter mac-filter entry sequence-id number match source-mac
Treesource-mac
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
mask string
Description Match an Ethernet frame if its source MAC address logically anded with the mask equals the configured MAC address.
Contextacl cpm-filter mac-filter entry sequence-id number match source-mac mask string
Treemask
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
vlan
Description Ethernet frame matching criteria based on VLAN tags
Contextacl cpm-filter mac-filter entry sequence-id number match vlan
Treevlan
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
outermost-vlan-id
Description Ethernet frame matching criteria based on the outermost VLAN ID found before the subinterface-defining VLAN tag (if any) is removed.
Contextacl cpm-filter mac-filter entry sequence-id number match vlan outermost-vlan-id
Treeoutermost-vlan-id
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
range
Description Container used to specify a contiguous range of VLAN IDs. Matched values include the start and end values.
Contextacl cpm-filter mac-filter entry sequence-id number match vlan outermost-vlan-id range
Treerange
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
statistics
Description Statistics container for packets matching the CPM-filter entry
Contextacl cpm-filter mac-filter entry sequence-id number statistics
Treestatistics
ConfigurableFalse
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
distributed-policer
Description Distributed policer stats for traffic matching the entry.
Contextacl cpm-filter mac-filter entry sequence-id number statistics distributed-policer
Treedistributed-policer
ConfigurableFalse
PlatformsSupported on all platforms except 7220
matched-packets number
Description The number of packets matching the entry since it was programmed or since the last clear, summed across all subinterfaces and all linecards
Contextacl cpm-filter mac-filter entry sequence-id number statistics matched-packets number
Treematched-packets
Default0
ConfigurableFalse
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
system-cpu-policer
Description System CPU policer stats for traffic matching the entry.
Contextacl cpm-filter mac-filter entry sequence-id number statistics system-cpu-policer
Treesystem-cpu-policer
ConfigurableFalse
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
tcam-entries number
Description The number of TCAM entries required to implement a single instance of this filter rule.
Contextacl cpm-filter mac-filter entry sequence-id number tcam-entries number
Treetcam-entries
ConfigurableFalse
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
last-clear string
Description Time of the last clear command performed by the user at this level
Contextacl cpm-filter mac-filter last-clear string
Treelast-clear
String Length20 to 32
ConfigurableFalse
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
statistics-per-entry boolean
Description Collect the following statistics per entry: the number of packets matching each entry, and the elapsed time since a packet last matched each entry
Contextacl cpm-filter mac-filter statistics-per-entry boolean
Treestatistics-per-entry
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2

datapath-programming

Description Container to represent the progress of ACL datapath programming
Contextacl datapath-programming
Treedatapath-programming
ConfigurableFalse
PlatformsSupported on all platforms

forwarding-complex slot-id number complex-id number

Description List of forwarding complexes that are currently installed and online
Contextacl datapath-programming forwarding-complex slot-id number complex-id number
Treeforwarding-complex
ConfigurableFalse
PlatformsSupported on all platforms

egress-mac-filtering boolean

Description

Must be set to true in order to apply any MAC ACLs to any subinterface in the egress traffic direction.

Internally this sets the following limits:

Remember that the number of ACL instances per ACL policy is greater than one if subinterface-specific is set to input-and-output or output-only.

A setting of true is blocked if the number of IPv4 ACL instances applied to egress traffic is already greater than 32, or if the number of IPv6 ACL instances applied to egress traffic is already greater than 32.

Contextacl egress-mac-filtering boolean
Treeegress-mac-filtering
Defaultfalse
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2

ipv4-filter name string

Description List of IPv4 filter policies
Context acl ipv4-filter name string
Treeipv4-filter
ConfigurableTrue
PlatformsSupported on all platforms

name string

Description Name of the IPv4 filter policy.
Context acl ipv4-filter name string
String Length1 to 255
ConfigurableTrue
PlatformsSupported on all platforms

description string

Description Description string for the IPv4 filter policy
Contextacl ipv4-filter name string description string
Treedescription
String Length1 to 255
ConfigurableTrue
PlatformsSupported on all platforms

entry sequence-id number

Description List of filter rules.
Context acl ipv4-filter name string entry sequence-id number
Treeentry
ConfigurableTrue
PlatformsSupported on all platforms
sequence-id number
Description A number to indicate the relative evaluation order of the different entries; lower numbered entries are evaluated before higher numbered entries
Contextacl ipv4-filter name string entry sequence-id number
Range1 to 65535
ConfigurableTrue
PlatformsSupported on all platforms
action
Description Container for the actions to be applied to packets matching the filter entry.
Contextacl ipv4-filter name string entry sequence-id number action
Treeaction
ConfigurableTrue
PlatformsSupported on all platforms
accept
Description Accept matching packets and forward them towards their normal destination
Contextacl ipv4-filter name string entry sequence-id number action accept
Treeaccept
ConfigurableTrue
PlatformsSupported on all platforms
forwarding-class (keyword | reference)
Description The QoS forwarding class to which the packet is mapped
Contextacl ipv4-filter name string entry sequence-id number action accept forwarding-class (keyword | reference)
Treeforwarding-class
Options
  • fc0

    System default forwarding-class name for the FC with index 0

  • fc1

    System default forwarding-class name for the FC with index 1

  • fc2

    System default forwarding-class name for the FC with index 2

  • fc3

    System default forwarding-class name for the FC with index 3

  • fc4

    System default forwarding-class name for the FC with index 4

  • fc5

    System default forwarding-class name for the FC with index 5

  • fc6

    System default forwarding-class name for the FC with index 6

  • fc7

    System default forwarding-class name for the FC with index 7

  • fc8

    System default forwarding-class name for the FC with index 8

  • fc9

    System default forwarding-class name for the FC with index 9

  • fc10

    System default forwarding-class name for the FC with index 10

  • fc11

    System default forwarding-class name for the FC with index 11

  • fc12

    System default forwarding-class name for the FC with index 12

  • fc13

    System default forwarding-class name for the FC with index 13

  • fc14

    System default forwarding-class name for the FC with index 14

  • fc15

    System default forwarding-class name for the FC with index 15

Referenceqos forwarding-classes forwarding-class name string
ConfigurableTrue
PlatformsSupported on all platforms except 7220 IXR-D1
log boolean
Description

When this is true, a log is created for each packet matching the entry

For IP packets matched by an IP filter entry the log entry contains the following information:

For Ethernet packets matched by a MAC filter entry the log entry contains the folllowing information:

Contextacl ipv4-filter name string entry sequence-id number action accept log boolean
Treelog
Defaultfalse
ConfigurableTrue
PlatformsSupported on all platforms
drop
Description

Drop matching packets.

Dropped IP packets do not result in sending ICMP messages back to the source

Contextacl ipv4-filter name string entry sequence-id number action drop
Treedrop
ConfigurableTrue
PlatformsSupported on all platforms
log boolean
Description

When this is true, a log is created for each packet matching the entry

For IP packets matched by an IP filter entry the log entry contains the following information:

For Ethernet packets matched by a MAC filter entry the log entry contains the folllowing information:

Contextacl ipv4-filter name string entry sequence-id number action drop log boolean
Treelog
Defaultfalse
ConfigurableTrue
PlatformsSupported on all platforms
match
Description Container for the conditions that determine whether a packet matches this entry
Contextacl ipv4-filter name string entry sequence-id number match
Treematch
ConfigurableTrue
PlatformsSupported on all platforms
destination-ip
Description Packet matching criteria based on destination IPv4 address
Contextacl ipv4-filter name string entry sequence-id number match destination-ip
Treedestination-ip
ConfigurableTrue
PlatformsSupported on all platforms
destination-port
Description

A packet matches this condition if its destination TCP or UDP port number matches the value or range that is specified

The rule should also have a condition that the IP protocol equals 6 (TCP) or 17 (UDP) in order for this to be interpreted correctly.

Contextacl ipv4-filter name string entry sequence-id number match destination-port
Treedestination-port
ConfigurableTrue
PlatformsSupported on all platforms
range
Description Container used to specify a contiguous range of TCP/UDP port numbers
Contextacl ipv4-filter name string entry sequence-id number match destination-port range
Treerange
ConfigurableTrue
PlatformsSupported on all platforms
end (number | keyword)
Description The ending port number to include in the range
Contextacl ipv4-filter name string entry sequence-id number match destination-port range end (number | keyword)
Treeend
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
start (number | keyword)
Description The starting port number to include in the range
Contextacl ipv4-filter name string entry sequence-id number match destination-port range start (number | keyword)
Treestart
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
value (number | keyword)
Description A destination port number
Context acl ipv4-filter name string entry sequence-id number match destination-port value (number | keyword)
Treevalue
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
dscp-set (number | keyword)
Description A list of DSCP values to be matched for incoming packets. An OR match should be performed, such that a packet must match one of the values defined in this list. If the field is left empty then any DSCP value matches.
Contextacl ipv4-filter name string entry sequence-id number match dscp-set (number | keyword)
Treedscp-set
Range0 to 63
Options
  • CS0

  • LE

  • CS1

  • AF11

  • AF12

  • AF13

  • CS2

  • AF21

  • AF22

  • AF23

  • CS3

  • AF31

  • AF32

  • AF33

  • CS4

  • AF41

  • AF42

  • AF43

  • CS5

  • EF

  • CS6

  • CS7

Configurable True
Platforms7250 IXR-10e, 7250 IXR-6e, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D2L, 7250 IXR-10, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D1, 7220 IXR-D2, 7250 IXR-6
first-fragment boolean
Description

Match the first fragment of an IPv4 datagram

A packet matches the true condition if the IPv4 header indicates that the fragment-offset is zero and and the more-fragments bit is 1. It is not valid to configure this leaf without configuring a match value for the fragment leaf.

Contextacl ipv4-filter name string entry sequence-id number match first-fragment boolean
Treefirst-fragment
ConfigurableTrue
PlatformsSupported on all platforms
fragment boolean
Description

Match an IPv4 fragment

A packet matches the true condition if the IPv4 header indicates that the fragment-offset is zero and and the more-fragments bit is 1 or if the IPv4 header indicates that the fragment-offset is greater than 0. A packet matches the false condition if it is unfragmented.

Contextacl ipv4-filter name string entry sequence-id number match fragment boolean
Treefragment
ConfigurableTrue
PlatformsSupported on all platforms
icmp
Description

A packet matches this condition if its ICMP type and code matches one of the specified combinations

The rule should also have a condition that the IP protocol equals 1 (ICMP) in order for this to be interpreted correctly.

Contextacl ipv4-filter name string entry sequence-id number match icmp
Treeicmp
ConfigurableTrue
PlatformsSupported on all platforms
code number
Description

Match if the ICMP code value is any value in the list

Requires ICMP type to be specified because codes are type dependent.

Contextacl ipv4-filter name string entry sequence-id number match icmp code number
Treecode
ConfigurableTrue
PlatformsSupported on all platforms
type (number | keyword)
Description Match a single ICMP type value.
Context acl ipv4-filter name string entry sequence-id number match icmp type (number | keyword)
Treetype
Range0 to 255
Options
  • echo-reply

    ICMP Echo Reply

  • dest-unreachable

    ICMP Destination Unreachable

  • source-quench

    ICMP Source Quench

  • redirect

    ICMP Redirect

  • echo

    ICMP Echo

  • router-advertise

    ICMP Router Advertisement

  • router-solicit

    ICMP Router Solicitation

  • time-exceeded

    ICMP Time Exceeded

  • param-problem

    ICMP Parameter Problem

  • timestamp

    ICMP Timestamp

  • timestamp-reply

    ICMP Timestamp Reply

Configurable True
PlatformsSupported on all platforms
protocol (number | keyword)
Description An IPv4 packet matches this condition if its IP protocol type field matches the specified value
Contextacl ipv4-filter name string entry sequence-id number match protocol (number | keyword)
Treeprotocol
Range0 to 255
Options
  • ipv6-hop

    IPv6 hop-by-hop option

  • icmp

    Internet Control Message Protocol

  • igmp

    Internet Group Management Protocol

  • ggp

    Gateway-to-Gateway Protocol

  • ipv4

    IPv4 encapsulation

  • st

    Stream Protocol

  • tcp

    Transmission Control Protocol

  • egp

    Exterior Gateway Protocol

  • igp

    Interior Gateway Protocol

  • udp

    User Datagram Protocol

  • ipv6

    IPv6 encapsulation

  • idrp

    Inter-Domain Routing Protocol

  • rsvp

    Resource Reservation Protocol

  • gre

    Generic Routing Encapsulation

  • esp

    IPSec Encapsulating Security Payload

  • ah

    IPSec Authentication Header

  • icmp6

    IPSec Authentication Header

  • no-next-hdr

    No Next Header for IPv6

  • ipv6-dest-opts

    Destination Options for IPv6

  • eigrp

    Cisco EIGRP

  • ospf

    OSPFv2 and OSPFv3

  • pim

    Protocol Independent Multicast

  • vrrp

    Virtual Router Redundancy Protocol

  • l2tp

    Layer Two Tunneling Protocol

  • sctp

    Stream Control Transmission Protocol

  • mpls-in-ip

    MPLS Encapsulation inside IP

  • rohc

    Robust Header Compression

Configurable True
PlatformsSupported on all platforms
source-ip
Description Packet matching criteria based on source IPv4 address
Contextacl ipv4-filter name string entry sequence-id number match source-ip
Treesource-ip
ConfigurableTrue
PlatformsSupported on all platforms
mask string
Description Match a packet if its source IP address logically anded with the inverse of this mask equals the configured IP address.
Contextacl ipv4-filter name string entry sequence-id number match source-ip mask string
Treemask
ConfigurableTrue
PlatformsSupported on all platforms
source-port
Description

A packet matches this condition if its source TCP or UDP port number matches the value or range that is specified

The rule should also have a condition that the IP protocol equals 6 (TCP) or 17 (UDP) in order for this to be interpreted correctly.

Contextacl ipv4-filter name string entry sequence-id number match source-port
Treesource-port
ConfigurableTrue
PlatformsSupported on all platforms
operator keyword
Description

Comparison operator

eq = equal ge = greater than or equal to le = less than or equal to

Contextacl ipv4-filter name string entry sequence-id number match source-port operator keyword
Treeoperator
Options
  • le

    Less than or equal.

  • ge

    Greater than or equal.

  • eq

    Equal to.

ConfigurableTrue
PlatformsSupported on all platforms
range
Description Container used to specify a contiguous range of TCP/UDP port numbers
Contextacl ipv4-filter name string entry sequence-id number match source-port range
Treerange
ConfigurableTrue
PlatformsSupported on all platforms
end (number | keyword)
Description The ending port number to include in the range
Contextacl ipv4-filter name string entry sequence-id number match source-port range end (number | keyword)
Treeend
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
start (number | keyword)
Description The starting port number to include in the range
Contextacl ipv4-filter name string entry sequence-id number match source-port range start (number | keyword)
Treestart
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
value (number | keyword)
Description A source port number
Context acl ipv4-filter name string entry sequence-id number match source-port value (number | keyword)
Treevalue
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
statistics
Description Container for per-entry statistics
Context acl ipv4-filter name string entry sequence-id number statistics
Treestatistics
ConfigurableFalse
PlatformsSupported on all platforms
aggregate
Description Container for aggregated per-entry statistics. Not present if the entry is part of a filter with statistics-per-entry set to false.
Contextacl ipv4-filter name string entry sequence-id number statistics aggregate
Treeaggregate
ConfigurableFalse
PlatformsSupported on all platforms
in-last-match string
Description The elapsed time since an ingress packet last matched the entry, considering the mgmt0 subinterface and all subinterfaces of all linecard ports that use the ACL as an input ACL
Contextacl ipv4-filter name string entry sequence-id number statistics aggregate in-last-match string
Treein-last-match
String Length20 to 32
ConfigurableFalse
PlatformsSupported on all platforms
out-last-match string
Description The elapsed time since an egress packet last matched the entry, considering the mgmt0 subinterface and all subinterfaces of all linecard ports that use the ACL as an output ACL
Contextacl ipv4-filter name string entry sequence-id number statistics aggregate out-last-match string
Treeout-last-match
String Length20 to 32
ConfigurableFalse
PlatformsSupported on all platforms
per-interface
Description Container for per-entry statistics on a per subinterface basis.
Contextacl ipv4-filter name string entry sequence-id number statistics per-interface
Treeper-interface
ConfigurableFalse
PlatformsSupported on all platforms
subinterface name string
Description

If subinterface-specific=disabled then this list is empty.

If subinterface-specific=input-only then this is the list of subinterfaces that apply the ACL as an input ACL

If subinterface-specific=output-only then this is the list of subinterfaces that apply the ACL as an output ACL.

If subinterface-specific=input-and-output then this is the list of subinterfaces that apply the ACL as an input ACL or an output ACL.

Contextacl ipv4-filter name string entry sequence-id number statistics per-interface subinterface name string
Treesubinterface
ConfigurableFalse
PlatformsSupported on all platforms
tcam-entries
Description Information about the TCAM entries used to implement the ACL entry
Contextacl ipv4-filter name string entry sequence-id number tcam-entries
Treetcam-entries
ConfigurableFalse
PlatformsSupported on all platforms
forwarding-complex complex-identifier string
Description List of forwarding complexes in the system
Contextacl ipv4-filter name string entry sequence-id number tcam-entries forwarding-complex complex-identifier string
Treeforwarding-complex
ConfigurableFalse
PlatformsSupported on all platforms
input-total number
Description

The number of TCAM entries required to implement this entry on all subinterfaces of this complex where the filter is applied to ingress traffic.

For example, if a single-instance of the entry takes 2 TCAM entries and the filter is an output-only subinterface-specific filter and the filter is applied to 5 subinterfaces on output and to 5 subinterfaces on input then input-total=2. If the entry is not applied to ingress traffic on any subinterfaces of this complex then input-total=0.

Contextacl ipv4-filter name string entry sequence-id number tcam-entries forwarding-complex complex-identifier string input-total number
Treeinput-total
ConfigurableFalse
PlatformsSupported on all platforms
output-total number
Description

The number of TCAM entries required to implement this entry on all subinterfaces of this complex where the filter is applied to egress traffic.

For example, if a single-instance of the entry takes 2 TCAM entries and the filter is an output-only subinterface-specific filter and the filter is applied to 5 subinterfaces on output and to 5 subinterfaces on input then output-total=10. If the entry is not applied to egress traffic on any subinterfaces of this complex then output-total=0.

Contextacl ipv4-filter name string entry sequence-id number tcam-entries forwarding-complex complex-identifier string output-total number
Treeoutput-total
ConfigurableFalse
PlatformsSupported on all platforms
single-instance number
Description

The number of TCAM entries required to implement this entry if it is applied to only one subinterface and one traffic direction specific to this slot.

This is non-zero even if the filter is not applied to any subinterfaces of this complex. It captures the effect of TCAM entry expansion to deal with L4 port or VLAN ranges, for example.

Contextacl ipv4-filter name string entry sequence-id number tcam-entries forwarding-complex complex-identifier string single-instance number
Treesingle-instance
ConfigurableFalse
PlatformsSupported on all platforms

last-clear string

Description Time of the last clear command performed by the user at this level
Contextacl ipv4-filter name string last-clear string
Treelast-clear
String Length20 to 32
ConfigurableFalse
PlatformsSupported on all platforms

statistics-per-entry boolean

Description

Collect statistics for each entry of the ACL. If this is set to false no hardware resources are allocated to collecting statistics for this ACL policy.

The exact set of statistics depend on the subinterface-specific mode

Contextacl ipv4-filter name string statistics-per-entry boolean
Treestatistics-per-entry
ConfigurableTrue
PlatformsSupported on all platforms

subinterface-specific keyword

Description

Controls the instantiation of the filter when it is applied as an input or output ACL

disabled: all subinterfaces on a single linecard that reference the ACL as an input ACL use a shared filter instance, and all subinterfaces on a single linecard that reference the ACL as an output ACL use a shared filter instance

input-only: all subinterfaces on a single linecard that reference the ACL as an output ACL use a shared filter instance, but each subinterface that references the ACL as an input ACL uses its own separate instance of the filter

output-only: all subinterfaces on a single linecard that reference the ACL as an input ACL use a shared filter instance, but each subinterface that references the ACL as an output ACL uses its own separate instance of the filter

input-and-output: each subinterface that references the ACL as either an input ACL or an output ACL uses its own separate instance of the filter

Contextacl ipv4-filter name string subinterface-specific keyword
Treesubinterface-specific
Defaultdisabled
Options
  • disabled

  • input-only

  • output-only

  • input-and-output

ConfigurableTrue
PlatformsSupported on all platforms

ipv6-filter name string

Description List of IPv6 filter policies
Context acl ipv6-filter name string
Treeipv6-filter
ConfigurableTrue
PlatformsSupported on all platforms

name string

Description Name of the IPv6 filter policy.
Context acl ipv6-filter name string
String Length1 to 255
ConfigurableTrue
PlatformsSupported on all platforms

description string

Description Description string for the IPv6 filter policy
Contextacl ipv6-filter name string description string
Treedescription
String Length1 to 255
ConfigurableTrue
PlatformsSupported on all platforms

entry sequence-id number

Description List of filter rules.
Context acl ipv6-filter name string entry sequence-id number
Treeentry
ConfigurableTrue
PlatformsSupported on all platforms
sequence-id number
Description A number to indicate the relative evaluation order of the different entries; lower numbered entries are evaluated before higher numbered entries.
Contextacl ipv6-filter name string entry sequence-id number
Range1 to 65535
ConfigurableTrue
PlatformsSupported on all platforms
action
Description Container for the actions to be applied to packets matching the filter entry.
Contextacl ipv6-filter name string entry sequence-id number action
Treeaction
ConfigurableTrue
PlatformsSupported on all platforms
accept
Description Accept matching packets and forward them towards their normal destination
Contextacl ipv6-filter name string entry sequence-id number action accept
Treeaccept
ConfigurableTrue
PlatformsSupported on all platforms
forwarding-class (keyword | reference)
Description The QoS forwarding class to which the packet is mapped
Contextacl ipv6-filter name string entry sequence-id number action accept forwarding-class (keyword | reference)
Treeforwarding-class
Options
  • fc0

    System default forwarding-class name for the FC with index 0

  • fc1

    System default forwarding-class name for the FC with index 1

  • fc2

    System default forwarding-class name for the FC with index 2

  • fc3

    System default forwarding-class name for the FC with index 3

  • fc4

    System default forwarding-class name for the FC with index 4

  • fc5

    System default forwarding-class name for the FC with index 5

  • fc6

    System default forwarding-class name for the FC with index 6

  • fc7

    System default forwarding-class name for the FC with index 7

  • fc8

    System default forwarding-class name for the FC with index 8

  • fc9

    System default forwarding-class name for the FC with index 9

  • fc10

    System default forwarding-class name for the FC with index 10

  • fc11

    System default forwarding-class name for the FC with index 11

  • fc12

    System default forwarding-class name for the FC with index 12

  • fc13

    System default forwarding-class name for the FC with index 13

  • fc14

    System default forwarding-class name for the FC with index 14

  • fc15

    System default forwarding-class name for the FC with index 15

Referenceqos forwarding-classes forwarding-class name string
ConfigurableTrue
PlatformsSupported on all platforms except 7220 IXR-D1
log boolean
Description

When this is true, a log is created for each packet matching the entry

For IP packets matched by an IP filter entry the log entry contains the following information:

For Ethernet packets matched by a MAC filter entry the log entry contains the folllowing information:

Contextacl ipv6-filter name string entry sequence-id number action accept log boolean
Treelog
Defaultfalse
ConfigurableTrue
PlatformsSupported on all platforms
drop
Description

Drop matching packets.

Dropped IP packets do not result in sending ICMP messages back to the source

Contextacl ipv6-filter name string entry sequence-id number action drop
Treedrop
ConfigurableTrue
PlatformsSupported on all platforms
log boolean
Description

When this is true, a log is created for each packet matching the entry

For IP packets matched by an IP filter entry the log entry contains the following information:

For Ethernet packets matched by a MAC filter entry the log entry contains the folllowing information:

Contextacl ipv6-filter name string entry sequence-id number action drop log boolean
Treelog
Defaultfalse
ConfigurableTrue
PlatformsSupported on all platforms
match
Description Container for the conditions that determine whether a packet matches this entry
Contextacl ipv6-filter name string entry sequence-id number match
Treematch
ConfigurableTrue
PlatformsSupported on all platforms
destination-ip
Description Packet matching criteria based on destination IPv6 address
Contextacl ipv6-filter name string entry sequence-id number match destination-ip
Treedestination-ip
ConfigurableTrue
PlatformsSupported on all platforms
destination-port
Description

A packet matches this condition if its destination TCP or UDP port number matches the value or range that is specified

The rule should also have a condition that the IP protocol equals 6 (TCP) or 17 (UDP) in order for this to be interpreted correctly.

Contextacl ipv6-filter name string entry sequence-id number match destination-port
Treedestination-port
ConfigurableTrue
PlatformsSupported on all platforms
range
Description Container used to specify a contiguous range of TCP/UDP port numbers
Contextacl ipv6-filter name string entry sequence-id number match destination-port range
Treerange
ConfigurableTrue
PlatformsSupported on all platforms
end (number | keyword)
Description The ending port number to include in the range
Contextacl ipv6-filter name string entry sequence-id number match destination-port range end (number | keyword)
Treeend
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
start (number | keyword)
Description The starting port number to include in the range
Contextacl ipv6-filter name string entry sequence-id number match destination-port range start (number | keyword)
Treestart
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
value (number | keyword)
Description A destination port number
Context acl ipv6-filter name string entry sequence-id number match destination-port value (number | keyword)
Treevalue
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
dscp-set (number | keyword)
Description A list of DSCP values to be matched for incoming packets. An OR match should be performed, such that a packet must match one of the values defined in this list. If the field is left empty then any DSCP value matches.
Contextacl ipv6-filter name string entry sequence-id number match dscp-set (number | keyword)
Treedscp-set
Range0 to 63
Options
  • CS0

  • LE

  • CS1

  • AF11

  • AF12

  • AF13

  • CS2

  • AF21

  • AF22

  • AF23

  • CS3

  • AF31

  • AF32

  • AF33

  • CS4

  • AF41

  • AF42

  • AF43

  • CS5

  • EF

  • CS6

  • CS7

Configurable True
Platforms7250 IXR-10e, 7250 IXR-6e, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D2L, 7250 IXR-10, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D1, 7220 IXR-D2, 7250 IXR-6
icmp6
Description

A packet matches this condition if its ICMPv6 type and code matches one of the specified combinations

The rule should also have a condition that the next-header value equals 58 (ICMPv6) in order for this to be interpreted correctly.

Contextacl ipv6-filter name string entry sequence-id number match icmp6
Treeicmp6
ConfigurableTrue
PlatformsSupported on all platforms
code number
Description

Match if the ICMPv6 code value is any value in the list

Requires ICMPv6 type to be specified because codes are type dependent.

Contextacl ipv6-filter name string entry sequence-id number match icmp6 code number
Treecode
ConfigurableTrue
PlatformsSupported on all platforms
type (number | keyword)
Description Match a single ICMPv6 type value
Context acl ipv6-filter name string entry sequence-id number match icmp6 type (number | keyword)
Treetype
Range0 to 255
Options
  • dest-unreachable

    ICMPv6 Destination Unreachable

  • packet-too-big

    ICMPv6 Packet Too Big

  • time-exceeded

    ICMPv6 Time Exceeded

  • param-problem

    Parameter Problem

  • echo-request

    ICMPv6 Echo Request

  • echo-reply

    ICMPv6 Echo Reply

  • mld-query

    Multicast Listener Discovery Query

  • mld-report

    Multicast Listener Discovery Report

  • mld-done

    Multicast Listener Discovery Done

  • router-solicit

    ICMPv6 Router Solicitation

  • router-advertise

    ICMPv6 Router Advertisement

  • neighbor-solicit

    ICMPv6 Neighbor Solicitation

  • neighbor-advertise

    ICMPv6 Neighbor Advertisement

  • redirect

    ICMPv6 Redirect

  • router-renumber

    ICMPv6 Router Renumbering

  • node-info-query

    ICMPv6 Node Information Query

  • node-info-response

    ICMPv6 Node Information Response

  • mld-v2

    Multicast Listener Discovery Version 2

  • mcast-rtr-adv

    Multicast Router Advertisement

  • mcast-rtr-solicit

    Multicast Router Solicitation

  • mcast-rtr-term

    Multicast Router Termination

ConfigurableTrue
PlatformsSupported on all platforms
next-header (number | keyword)
Description An IPv6 packet matches this condition if its first next-header field (in the IPv6 fixed header) contains the specified value
Contextacl ipv6-filter name string entry sequence-id number match next-header (number | keyword)
Treenext-header
Range0 to 255
Options
  • ipv6-hop

    IPv6 hop-by-hop option

  • icmp

    Internet Control Message Protocol

  • igmp

    Internet Group Management Protocol

  • ggp

    Gateway-to-Gateway Protocol

  • ipv4

    IPv4 encapsulation

  • st

    Stream Protocol

  • tcp

    Transmission Control Protocol

  • egp

    Exterior Gateway Protocol

  • igp

    Interior Gateway Protocol

  • udp

    User Datagram Protocol

  • ipv6

    IPv6 encapsulation

  • idrp

    Inter-Domain Routing Protocol

  • rsvp

    Resource Reservation Protocol

  • gre

    Generic Routing Encapsulation

  • esp

    IPSec Encapsulating Security Payload

  • ah

    IPSec Authentication Header

  • icmp6

    IPSec Authentication Header

  • no-next-hdr

    No Next Header for IPv6

  • ipv6-dest-opts

    Destination Options for IPv6

  • eigrp

    Cisco EIGRP

  • ospf

    OSPFv2 and OSPFv3

  • pim

    Protocol Independent Multicast

  • vrrp

    Virtual Router Redundancy Protocol

  • l2tp

    Layer Two Tunneling Protocol

  • sctp

    Stream Control Transmission Protocol

  • mpls-in-ip

    MPLS Encapsulation inside IP

  • rohc

    Robust Header Compression

Configurable True
PlatformsSupported on all platforms
source-ip
Description Packet matching criteria based on source IPv6 address
Contextacl ipv6-filter name string entry sequence-id number match source-ip
Treesource-ip
ConfigurableTrue
PlatformsSupported on all platforms
mask string
Description Match a packet if its source IP address logically anded with the inverse of this mask equals the configured IP address.
Contextacl ipv6-filter name string entry sequence-id number match source-ip mask string
Treemask
ConfigurableTrue
PlatformsSupported on all platforms
source-port
Description

A packet matches this condition if its source TCP or UDP port number matches the value or range that is specified

The rule should also have a condition that the IP protocol equals 6 (TCP) or 17 (UDP) in order for this to be interpreted correctly.

Contextacl ipv6-filter name string entry sequence-id number match source-port
Treesource-port
ConfigurableTrue
PlatformsSupported on all platforms
operator keyword
Description

Comparison operator

eq = equal ge = greater than or equal to le = less than or equal to

Contextacl ipv6-filter name string entry sequence-id number match source-port operator keyword
Treeoperator
Options
  • le

    Less than or equal.

  • ge

    Greater than or equal.

  • eq

    Equal to.

ConfigurableTrue
PlatformsSupported on all platforms
range
Description Container used to specify a contiguous range of TCP/UDP port numbers
Contextacl ipv6-filter name string entry sequence-id number match source-port range
Treerange
ConfigurableTrue
PlatformsSupported on all platforms
end (number | keyword)
Description The ending port number to include in the range
Contextacl ipv6-filter name string entry sequence-id number match source-port range end (number | keyword)
Treeend
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
start (number | keyword)
Description The starting port number to include in the range
Contextacl ipv6-filter name string entry sequence-id number match source-port range start (number | keyword)
Treestart
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
value (number | keyword)
Description A source port number
Context acl ipv6-filter name string entry sequence-id number match source-port value (number | keyword)
Treevalue
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
statistics
Description Container for per-entry statistics
Context acl ipv6-filter name string entry sequence-id number statistics
Treestatistics
ConfigurableFalse
PlatformsSupported on all platforms
aggregate
Description Container for aggregated per-entry statistics. Not present if the entry is part of a filter with statistics-per-entry set to false.
Contextacl ipv6-filter name string entry sequence-id number statistics aggregate
Treeaggregate
ConfigurableFalse
PlatformsSupported on all platforms
in-last-match string
Description The elapsed time since an ingress packet last matched the entry, considering the mgmt0 subinterface and all subinterfaces of all linecard ports that use the ACL as an input ACL
Contextacl ipv6-filter name string entry sequence-id number statistics aggregate in-last-match string
Treein-last-match
String Length20 to 32
ConfigurableFalse
PlatformsSupported on all platforms
out-last-match string
Description The elapsed time since an egress packet last matched the entry, considering the mgmt0 subinterface and all subinterfaces of all linecard ports that use the ACL as an output ACL
Contextacl ipv6-filter name string entry sequence-id number statistics aggregate out-last-match string
Treeout-last-match
String Length20 to 32
ConfigurableFalse
PlatformsSupported on all platforms
per-interface
Description Container for per-entry statistics on a per subinterface basis.
Contextacl ipv6-filter name string entry sequence-id number statistics per-interface
Treeper-interface
ConfigurableFalse
PlatformsSupported on all platforms
subinterface name string
Description

If subinterface-specific=disabled then this list is empty.

If subinterface-specific=input-only then this is the list of subinterfaces that apply the ACL as an input ACL

If subinterface-specific=output-only then this is the list of subinterfaces that apply the ACL as an output ACL.

If subinterface-specific=input-and-output then this is the list of subinterfaces that apply the ACL as an input ACL or an output ACL.

Contextacl ipv6-filter name string entry sequence-id number statistics per-interface subinterface name string
Treesubinterface
ConfigurableFalse
PlatformsSupported on all platforms
tcam-entries
Description Information about the TCAM entries used to implement the ACL entry
Contextacl ipv6-filter name string entry sequence-id number tcam-entries
Treetcam-entries
ConfigurableFalse
PlatformsSupported on all platforms
forwarding-complex complex-identifier string
Description List of forwarding complexes in the system
Contextacl ipv6-filter name string entry sequence-id number tcam-entries forwarding-complex complex-identifier string
Treeforwarding-complex
ConfigurableFalse
PlatformsSupported on all platforms
input-total number
Description

The number of TCAM entries required to implement this entry on all subinterfaces of this complex where the filter is applied to ingress traffic.

For example, if a single-instance of the entry takes 2 TCAM entries and the filter is an output-only subinterface-specific filter and the filter is applied to 5 subinterfaces on output and to 5 subinterfaces on input then input-total=2. If the entry is not applied to ingress traffic on any subinterfaces of this complex then input-total=0.

Contextacl ipv6-filter name string entry sequence-id number tcam-entries forwarding-complex complex-identifier string input-total number
Treeinput-total
ConfigurableFalse
PlatformsSupported on all platforms
output-total number
Description

The number of TCAM entries required to implement this entry on all subinterfaces of this complex where the filter is applied to egress traffic.

For example, if a single-instance of the entry takes 2 TCAM entries and the filter is an output-only subinterface-specific filter and the filter is applied to 5 subinterfaces on output and to 5 subinterfaces on input then output-total=10. If the entry is not applied to egress traffic on any subinterfaces of this complex then output-total=0.

Contextacl ipv6-filter name string entry sequence-id number tcam-entries forwarding-complex complex-identifier string output-total number
Treeoutput-total
ConfigurableFalse
PlatformsSupported on all platforms
single-instance number
Description

The number of TCAM entries required to implement this entry if it is applied to only one subinterface and one traffic direction specific to this slot.

This is non-zero even if the filter is not applied to any subinterfaces of this complex. It captures the effect of TCAM entry expansion to deal with L4 port or VLAN ranges, for example.

Contextacl ipv6-filter name string entry sequence-id number tcam-entries forwarding-complex complex-identifier string single-instance number
Treesingle-instance
ConfigurableFalse
PlatformsSupported on all platforms

last-clear string

Description Time of the last clear command performed by the user at this level
Contextacl ipv6-filter name string last-clear string
Treelast-clear
String Length20 to 32
ConfigurableFalse
PlatformsSupported on all platforms

statistics-per-entry boolean

Description

Collect statistics for each entry of the ACL. If this is set to false no hardware resources are allocated to collecting statistics for this ACL policy.

The exact set of statistics depend on the subinterface-specific mode

Contextacl ipv6-filter name string statistics-per-entry boolean
Treestatistics-per-entry
ConfigurableTrue
PlatformsSupported on all platforms

subinterface-specific keyword

Description

Controls the instantiation of the filter when it is applied as an input or output ACL

disabled: all subinterfaces on a single linecard that reference the ACL as an input ACL use a shared filter instance, and all subinterfaces on a single linecard that reference the ACL as an output ACL use a shared filter instance

input-only: all subinterfaces on a single linecard that reference the ACL as an output ACL use a shared filter instance, but each subinterface that references the ACL as an input ACL uses its own separate instance of the filter

output-only: all subinterfaces on a single linecard that reference the ACL as an input ACL use a shared filter instance, but each subinterface that references the ACL as an output ACL uses its own separate instance of the filter

input-and-output: each subinterface that references the ACL as either an input ACL or an output ACL uses its own separate instance of the filter

Contextacl ipv6-filter name string subinterface-specific keyword
Treesubinterface-specific
Defaultdisabled
Options
  • disabled

  • input-only

  • output-only

  • input-and-output

ConfigurableTrue
PlatformsSupported on all platforms

mac-filter name string

Description List of MAC ACL policies
Context acl mac-filter name string
Treemac-filter
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2

name string

Description Name of the MAC ACL policy.
Context acl mac-filter name string
String Length1 to 255
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2

description string

Description Description string for the MAC ACL policy
Contextacl mac-filter name string description string
Treedescription
String Length1 to 255
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2

entry sequence-id number

Description List of filter rules.
Context acl mac-filter name string entry sequence-id number
Treeentry
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
sequence-id number
Description A number to indicate the relative evaluation order of the different entries; lower numbered entries are evaluated before higher numbered entries
Contextacl mac-filter name string entry sequence-id number
Range1 to 65535
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
action
Description Container for the actions to be applied to packets matching the filter entry.
Contextacl mac-filter name string entry sequence-id number action
Treeaction
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
accept
Description Accept matching packets and forward them towards their normal destination
Contextacl mac-filter name string entry sequence-id number action accept
Treeaccept
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
forwarding-class (keyword | reference)
Description The QoS forwarding class to which the packet is mapped
Contextacl mac-filter name string entry sequence-id number action accept forwarding-class (keyword | reference)
Treeforwarding-class
Options
  • fc0

    System default forwarding-class name for the FC with index 0

  • fc1

    System default forwarding-class name for the FC with index 1

  • fc2

    System default forwarding-class name for the FC with index 2

  • fc3

    System default forwarding-class name for the FC with index 3

  • fc4

    System default forwarding-class name for the FC with index 4

  • fc5

    System default forwarding-class name for the FC with index 5

  • fc6

    System default forwarding-class name for the FC with index 6

  • fc7

    System default forwarding-class name for the FC with index 7

  • fc8

    System default forwarding-class name for the FC with index 8

  • fc9

    System default forwarding-class name for the FC with index 9

  • fc10

    System default forwarding-class name for the FC with index 10

  • fc11

    System default forwarding-class name for the FC with index 11

  • fc12

    System default forwarding-class name for the FC with index 12

  • fc13

    System default forwarding-class name for the FC with index 13

  • fc14

    System default forwarding-class name for the FC with index 14

  • fc15

    System default forwarding-class name for the FC with index 15

Referenceqos forwarding-classes forwarding-class name string
ConfigurableTrue
PlatformsSupported on all platforms except 7220 IXR-D1
log boolean
Description

When this is true, a log is created for each packet matching the entry

For IP packets matched by an IP filter entry the log entry contains the following information:

For Ethernet packets matched by a MAC filter entry the log entry contains the folllowing information:

Contextacl mac-filter name string entry sequence-id number action accept log boolean
Treelog
Defaultfalse
ConfigurableTrue
PlatformsSupported on all platforms
drop
Description

Drop matching packets.

Dropped IP packets do not result in sending ICMP messages back to the source

Contextacl mac-filter name string entry sequence-id number action drop
Treedrop
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
log boolean
Description

When this is true, a log is created for each packet matching the entry

For IP packets matched by an IP filter entry the log entry contains the following information:

For Ethernet packets matched by a MAC filter entry the log entry contains the folllowing information:

Contextacl mac-filter name string entry sequence-id number action drop log boolean
Treelog
Defaultfalse
ConfigurableTrue
PlatformsSupported on all platforms
description string
Description Description string for the filter entry
Contextacl mac-filter name string entry sequence-id number description string
Treedescription
String Length1 to 255
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
match
Description Container for the conditions that determine whether an Ethernet frame matches this entry
Contextacl mac-filter name string entry sequence-id number match
Treematch
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
destination-mac
Description Ethernet frame matching criteria based on destination MAC address
Contextacl mac-filter name string entry sequence-id number match destination-mac
Treedestination-mac
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
address string
Description Match an Ethernet frame if its destination MAC address logically anded with the mask equals this MAC address.
Contextacl mac-filter name string entry sequence-id number match destination-mac address string
Treeaddress
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
mask string
Description Match an Ethernet frame if its destination MAC address logically anded with the mask equals the configured MAC address.
Contextacl mac-filter name string entry sequence-id number match destination-mac mask string
Treemask
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
ethertype (string | keyword)
Description An Ethernet frame matches this condition if its ethertype value (after 802.1Q VLAN tags) matches the specified value
Contextacl mac-filter name string entry sequence-id number match ethertype (string | keyword)
Treeethertype
Options
  • ipv4

    Internet Protocol version 4. Ethertype 0x0800.

  • arp

    Address Resolution Protocol. Ethertype 0x0806.

  • ipv6

    Internet Protocol version 6. Ethertype 0x86DD.

  • flow-control

    Ethernet flow control PAUSE frames. Ethertype 0x8808

  • lacp

    LACP. Ethertype 0x8809.

  • mpls-unicast

    MPLS unicast. Ethertype 0x8847.

  • mpls-multicast

    MPLS multicast. Ethertype 0x8848.

  • pppoe-discovery

    PPPoE discovery. Ethertype 0x8863.

  • pppoe-session

    PPPoE session. Ethertype 0x8864.

  • 8021x-authentication

    802.1x authentication (EAP). Ethertype 0x888E.

  • lldp

    Link Layer Discovery Protocol. Ethertype 0x88CC.

  • macsec

    IEEE 802.1AE MAC security. Ethertype 0x88E5.

  • pbb

    Provider Backbone Bridging. Ethertype 0x88E7.

  • ptp

    Precision Time Protocol. Ethertype 0x88F7.

  • eth-oam

    IEEE 802.1ag CFM and ITU-T Y.1731 OAM. Ethertype 0x8902.

  • fcoe

    Fibre Channel over Ethernet. Ethertype 0x8906.

  • fcoe-initialization

    Fibre Channel over Ethernet Initialization Protocol. Ethertype 0x8914.

  • roce

    RDMA over Converged Ethernet. Ethertype 0x8915.

ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
source-mac
Description Ethernet frame matching criteria based on source MAC address
Contextacl mac-filter name string entry sequence-id number match source-mac
Treesource-mac
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
address string
Description Match an Ethernet frame if its source MAC address logically anded with the mask equals this MAC address.
Contextacl mac-filter name string entry sequence-id number match source-mac address string
Treeaddress
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
mask string
Description Match an Ethernet frame if its source MAC address logically anded with the mask equals the configured MAC address.
Contextacl mac-filter name string entry sequence-id number match source-mac mask string
Treemask
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
vlan
Description Ethernet frame matching criteria based on VLAN tags
Contextacl mac-filter name string entry sequence-id number match vlan
Treevlan
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
outermost-vlan-id
Description Ethernet frame matching criteria based on the outermost VLAN ID found before the subinterface-defining VLAN tag (if any) is removed.
Contextacl mac-filter name string entry sequence-id number match vlan outermost-vlan-id
Treeoutermost-vlan-id
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
operator keyword
Description

Comparison operator

eq = equal ge = greater than or equal to le = less than or equal to

Contextacl mac-filter name string entry sequence-id number match vlan outermost-vlan-id operator keyword
Treeoperator
Options
  • le

    Less than or equal.

  • ge

    Greater than or equal.

  • eq

    Equal to.

ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
range
Description Container used to specify a contiguous range of VLAN IDs. Matched values include the start and end values.
Contextacl mac-filter name string entry sequence-id number match vlan outermost-vlan-id range
Treerange
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
statistics
Description Container for per-entry statistics
Context acl mac-filter name string entry sequence-id number statistics
Treestatistics
ConfigurableFalse
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
aggregate
Description Container for aggregated per-entry statistics. Not present if the entry is part of a filter with statistics-per-entry set to false.
Contextacl mac-filter name string entry sequence-id number statistics aggregate
Treeaggregate
ConfigurableFalse
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
in-last-match string
Description The elapsed time since an ingress packet last matched the entry, considering the mgmt0 subinterface and all subinterfaces of all linecard ports that use the ACL as an input ACL
Contextacl mac-filter name string entry sequence-id number statistics aggregate in-last-match string
Treein-last-match
String Length20 to 32
ConfigurableFalse
PlatformsSupported on all platforms
in-matched-packets number
Description The number of ingress packets matching the entry since it was programmed or since the last clear, considering the mgmt0 subinterface and all subinterfaces of all linecard ports that use the ACL as an input ACL
Contextacl mac-filter name string entry sequence-id number statistics aggregate in-matched-packets number
Treein-matched-packets
Default0
ConfigurableFalse
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
out-last-match string
Description The elapsed time since an egress packet last matched the entry, considering the mgmt0 subinterface and all subinterfaces of all linecard ports that use the ACL as an output ACL
Contextacl mac-filter name string entry sequence-id number statistics aggregate out-last-match string
Treeout-last-match
String Length20 to 32
ConfigurableFalse
PlatformsSupported on all platforms
out-matched-packets number
Description The number of egress packets matching the entry since it was programmed or since the last clear, considering the mgmt0 subinterface and all subinterfaces of all linecard ports that use the ACL as an output ACL
Contextacl mac-filter name string entry sequence-id number statistics aggregate out-matched-packets number
Treeout-matched-packets
Default0
ConfigurableFalse
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
last-clear string
Description Time of the last clear command performed by the user at this level or a higher level
Contextacl mac-filter name string entry sequence-id number statistics last-clear string
Treelast-clear
String Length20 to 32
ConfigurableFalse
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
per-interface
Description Container for per-entry statistics on a per subinterface basis.
Contextacl mac-filter name string entry sequence-id number statistics per-interface
Treeper-interface
ConfigurableFalse
PlatformsSupported on all platforms
subinterface name string
Description

If subinterface-specific=disabled then this list is empty.

If subinterface-specific=input-only then this is the list of subinterfaces that apply the ACL as an input ACL

If subinterface-specific=output-only then this is the list of subinterfaces that apply the ACL as an output ACL.

If subinterface-specific=input-and-output then this is the list of subinterfaces that apply the ACL as an input ACL or an output ACL.

Contextacl mac-filter name string entry sequence-id number statistics per-interface subinterface name string
Treesubinterface
ConfigurableFalse
PlatformsSupported on all platforms
tcam-entries
Description Information about the TCAM entries used to implement the ACL entry
Contextacl mac-filter name string entry sequence-id number tcam-entries
Treetcam-entries
ConfigurableFalse
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
forwarding-complex complex-identifier string
Description List of forwarding complexes in the system
Contextacl mac-filter name string entry sequence-id number tcam-entries forwarding-complex complex-identifier string
Treeforwarding-complex
ConfigurableFalse
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
input-total number
Description

The number of TCAM entries required to implement this entry on all subinterfaces of this complex where the filter is applied to ingress traffic.

For example, if a single-instance of the entry takes 2 TCAM entries and the filter is an output-only subinterface-specific filter and the filter is applied to 5 subinterfaces on output and to 5 subinterfaces on input then input-total=2. If the entry is not applied to ingress traffic on any subinterfaces of this complex then input-total=0.

Contextacl mac-filter name string entry sequence-id number tcam-entries forwarding-complex complex-identifier string input-total number
Treeinput-total
ConfigurableFalse
PlatformsSupported on all platforms
output-total number
Description

The number of TCAM entries required to implement this entry on all subinterfaces of this complex where the filter is applied to egress traffic.

For example, if a single-instance of the entry takes 2 TCAM entries and the filter is an output-only subinterface-specific filter and the filter is applied to 5 subinterfaces on output and to 5 subinterfaces on input then output-total=10. If the entry is not applied to egress traffic on any subinterfaces of this complex then output-total=0.

Contextacl mac-filter name string entry sequence-id number tcam-entries forwarding-complex complex-identifier string output-total number
Treeoutput-total
ConfigurableFalse
PlatformsSupported on all platforms
single-instance number
Description

The number of TCAM entries required to implement this entry if it is applied to only one subinterface and one traffic direction specific to this slot.

This is non-zero even if the filter is not applied to any subinterfaces of this complex. It captures the effect of TCAM entry expansion to deal with L4 port or VLAN ranges, for example.

Contextacl mac-filter name string entry sequence-id number tcam-entries forwarding-complex complex-identifier string single-instance number
Treesingle-instance
ConfigurableFalse
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2

last-clear string

Description Time of the last clear command performed by the user at this level
Contextacl mac-filter name string last-clear string
Treelast-clear
String Length20 to 32
ConfigurableFalse
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2

statistics-per-entry boolean

Description

Collect statistics for each entry of the ACL

The exact set of statistics depend on the subinterface-specific mode

Contextacl mac-filter name string statistics-per-entry boolean
Treestatistics-per-entry
ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2

subinterface-specific keyword

Description

Controls the instantiation of the filter when it is applied as an input or output ACL

disabled: all subinterfaces on a single linecard that reference the ACL as an input ACL use a shared filter instance, and all subinterfaces on a single linecard that reference the ACL as an output ACL use a shared filter instance

input-only: all subinterfaces on a single linecard that reference the ACL as an output ACL use a shared filter instance, but each subinterface that references the ACL as an input ACL uses its own separate instance of the filter

output-only: all subinterfaces on a single linecard that reference the ACL as an input ACL use a shared filter instance, but each subinterface that references the ACL as an output ACL uses its own separate instance of the filter

input-and-output: each subinterface that references the ACL as either an input ACL or an output ACL uses its own separate instance of the filter

Contextacl mac-filter name string subinterface-specific keyword
Treesubinterface-specific
Defaultdisabled
Options
  • disabled

  • input-only

  • output-only

  • input-and-output

ConfigurableTrue
Platforms7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2

policers

Description Container for policer definitions used by ACL entries
Contextacl policers
Treepolicers
ConfigurableTrue
PlatformsSupported on all platforms

policer name string

Description List of policer templates used in subintreface and CPM Filter ACL.
Contextacl policers policer name string
Treepolicer
ConfigurableTrue
PlatformsSupported on all platforms except 7220
name string
Description User-defined name of the policer
Context acl policers policer name string
String Length1 to 255
ConfigurableTrue
PlatformsSupported on all platforms except 7220
entry-specific boolean
Description

If set to false, one policer instance is created from this template and it is shared by all entries of in the same ACL filter that refer to this policer.

If set to true, multiple policer instances are created from this template, one for each ACL filter entry that refers to the policer template.

Contextacl policers policer name string entry-specific boolean
Treeentry-specific
ConfigurableTrue
PlatformsSupported on all platforms
max-burst number
Description The MBS bucket depth in bytes
Context acl policers policer name string max-burst number
Treemax-burst
Range1 to 125000000
Unitsbytes
ConfigurableTrue
PlatformsSupported on all platforms except 7220
peak-rate number
Description The PIR rate in kbps (bucket empty/fill rate).
Contextacl policers policer name string peak-rate number
Treepeak-rate
Range1 to 1000000
Unitskbps
ConfigurableTrue
PlatformsSupported on all platforms except 7220
statistics
Description Container for linecard policer statistics.
Contextacl policers policer name string statistics
Treestatistics
ConfigurableFalse
PlatformsSupported on all platforms except 7220
aggregate
Description

None of these statistics are populated if the policer is configured as entry-specific=true.

If entry-specific=false and subinterface-specific=true, this is sum of all the entries and all the policer templates instantiated for all subintrefaces.

If entry-specific=false and subinterface-specific=false, this is sum of all the entries using this policer template.

Contextacl policers policer name string statistics aggregate
Treeaggregate
ConfigurableFalse
PlatformsSupported on all platforms except 7220
last-clear string
Description Time of the last clear command that applied to these statistics
Contextacl policers policer name string statistics last-clear string
Treelast-clear
String Length20 to 32
ConfigurableFalse
PlatformsSupported on all platforms except 7220

system-cpu-policer name string

Description List of system CPU policer templates. For each policer in this list one or more policer instances are implemented in the XDP-CPM software and these policer instances process the aggregate of terminating traffic received from all linecards.
Contextacl policers system-cpu-policer name string
Treesystem-cpu-policer
ConfigurableTrue
PlatformsSupported on all platforms
name string
Description User-defined name of the policer
Context acl policers system-cpu-policer name string
String Length1 to 255
ConfigurableTrue
PlatformsSupported on all platforms
entry-specific boolean
Description

If set to false, only one policer instance is created from this template and it is shared by all entries of all cpm-filter ACLs that refer to this policer.

If set to true, multiple policer instances are created from this template, one for each cpm-filter entry that refers to the policer template.

Contextacl policers system-cpu-policer name string entry-specific boolean
Treeentry-specific
Defaultfalse
ConfigurableTrue
PlatformsSupported on all platforms
statistics
Description

Container for system CPU policer statistics

None of these statistics are populated if the policer is configured as entry-specific=true.

Contextacl policers system-cpu-policer name string statistics
Treestatistics
ConfigurableFalse
PlatformsSupported on all platforms

system-filter

Description Top level container for System filters
Contextacl system-filter
Treesystem-filter
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2

ipv4-filter

Description Top level container for System IPv4 filters
Contextacl system-filter ipv4-filter
Treeipv4-filter
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
entry sequence-id number
Description List of filter rules.
Context acl system-filter ipv4-filter entry sequence-id number
Treeentry
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
sequence-id number
Description A number to indicate the relative evaluation order of the different entries; lower numbered entries are evaluated before higher numbered entries
Contextacl system-filter ipv4-filter entry sequence-id number
Range1 to 256
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
action
Description Container for the actions to be applied to packets matching the System filter entry.
Contextacl system-filter ipv4-filter entry sequence-id number action
Treeaction
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
drop
Description Drop matching packets without sending any ICMP messages back to the source
Contextacl system-filter ipv4-filter entry sequence-id number action drop
Treedrop
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
log boolean
Description

When this is true, a log is created for each packet matching the entry

The log entry contains the following information:

Contextacl system-filter ipv4-filter entry sequence-id number action drop log boolean
Treelog
Defaultfalse
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
match
Description Container for the conditions that determine whether a packet matches this entry
Contextacl system-filter ipv4-filter entry sequence-id number match
Treematch
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
destination-ip
Description Packet matching criteria based on destination IPv4 address
Contextacl system-filter ipv4-filter entry sequence-id number match destination-ip
Treedestination-ip
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
mask string
Description Match a packet if its destination IP address logically anded with the inverse of this mask equals the configured IP address.
Contextacl system-filter ipv4-filter entry sequence-id number match destination-ip mask string
Treemask
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
destination-port
Description

A packet matches this condition if its destination TCP or UDP port number matches the value or range that is specified

The rule should also have a condition that the IP protocol equals 6 (TCP) or 17 (UDP) in order for this to be interpreted correctly.

Contextacl system-filter ipv4-filter entry sequence-id number match destination-port
Treedestination-port
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
operator keyword
Description

Comparison operator

eq = equal ge = greater than or equal to le = less than or equal to

Contextacl system-filter ipv4-filter entry sequence-id number match destination-port operator keyword
Treeoperator
Options
  • le

    Less than or equal.

  • ge

    Greater than or equal.

  • eq

    Equal to.

ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
range
Description Container used to specify a contiguous range of TCP/UDP port numbers
Contextacl system-filter ipv4-filter entry sequence-id number match destination-port range
Treerange
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
end (number | keyword)
Description The ending port number to include in the range
Contextacl system-filter ipv4-filter entry sequence-id number match destination-port range end (number | keyword)
Treeend
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
start (number | keyword)
Description The starting port number to include in the range
Contextacl system-filter ipv4-filter entry sequence-id number match destination-port range start (number | keyword)
Treestart
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
value (number | keyword)
Description A destination port number
Context acl system-filter ipv4-filter entry sequence-id number match destination-port value (number | keyword)
Treevalue
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
dscp-set (number | keyword)
Description A list of DSCP values to be matched for incoming packets. An OR match should be performed, such that a packet must match one of the values defined in this list. If the field is left empty then any DSCP value matches.
Contextacl system-filter ipv4-filter entry sequence-id number match dscp-set (number | keyword)
Treedscp-set
Range0 to 63
Options
  • CS0

  • LE

  • CS1

  • AF11

  • AF12

  • AF13

  • CS2

  • AF21

  • AF22

  • AF23

  • CS3

  • AF31

  • AF32

  • AF33

  • CS4

  • AF41

  • AF42

  • AF43

  • CS5

  • EF

  • CS6

  • CS7

Configurable True
Platforms7250 IXR-10e, 7250 IXR-6e, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D2L, 7250 IXR-10, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D1, 7220 IXR-D2, 7250 IXR-6
first-fragment boolean
Description

Match the first fragment of an IPv4 datagram

A packet matches the true condition if the IPv4 header indicates that the fragment-offset is zero and and the more-fragments bit is 1. It is not valid to configure this leaf without configuring a match value for the fragment leaf.

Contextacl system-filter ipv4-filter entry sequence-id number match first-fragment boolean
Treefirst-fragment
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
fragment boolean
Description

Match an IPv4 fragment

A packet matches the true condition if the IPv4 header indicates that the fragment-offset is zero and and the more-fragments bit is 1 or if the IPv4 header indicates that the fragment-offset is greater than 0. A packet matches the false condition if it is unfragmented.

Contextacl system-filter ipv4-filter entry sequence-id number match fragment boolean
Treefragment
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
icmp
Description

A packet matches this condition if its ICMP type and code matches one of the specified combinations

The rule should also have a condition that the IP protocol equals 1 (ICMP) in order for this to be interpreted correctly.

Contextacl system-filter ipv4-filter entry sequence-id number match icmp
Treeicmp
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
code number
Description

Match if the ICMP code value is any value in the list

Requires ICMP type to be specified because codes are type dependent.

Contextacl system-filter ipv4-filter entry sequence-id number match icmp code number
Treecode
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
type (number | keyword)
Description Match a single ICMP type value.
Context acl system-filter ipv4-filter entry sequence-id number match icmp type (number | keyword)
Treetype
Range0 to 255
Options
  • echo-reply

    ICMP Echo Reply

  • dest-unreachable

    ICMP Destination Unreachable

  • source-quench

    ICMP Source Quench

  • redirect

    ICMP Redirect

  • echo

    ICMP Echo

  • router-advertise

    ICMP Router Advertisement

  • router-solicit

    ICMP Router Solicitation

  • time-exceeded

    ICMP Time Exceeded

  • param-problem

    ICMP Parameter Problem

  • timestamp

    ICMP Timestamp

  • timestamp-reply

    ICMP Timestamp Reply

Configurable True
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
protocol (number | keyword)
Description An IPv4 packet matches this condition if its IP protocol type field matches the specified value
Contextacl system-filter ipv4-filter entry sequence-id number match protocol (number | keyword)
Treeprotocol
Range0 to 255
Options
  • ipv6-hop

    IPv6 hop-by-hop option

  • icmp

    Internet Control Message Protocol

  • igmp

    Internet Group Management Protocol

  • ggp

    Gateway-to-Gateway Protocol

  • ipv4

    IPv4 encapsulation

  • st

    Stream Protocol

  • tcp

    Transmission Control Protocol

  • egp

    Exterior Gateway Protocol

  • igp

    Interior Gateway Protocol

  • udp

    User Datagram Protocol

  • ipv6

    IPv6 encapsulation

  • idrp

    Inter-Domain Routing Protocol

  • rsvp

    Resource Reservation Protocol

  • gre

    Generic Routing Encapsulation

  • esp

    IPSec Encapsulating Security Payload

  • ah

    IPSec Authentication Header

  • icmp6

    IPSec Authentication Header

  • no-next-hdr

    No Next Header for IPv6

  • ipv6-dest-opts

    Destination Options for IPv6

  • eigrp

    Cisco EIGRP

  • ospf

    OSPFv2 and OSPFv3

  • pim

    Protocol Independent Multicast

  • vrrp

    Virtual Router Redundancy Protocol

  • l2tp

    Layer Two Tunneling Protocol

  • sctp

    Stream Control Transmission Protocol

  • mpls-in-ip

    MPLS Encapsulation inside IP

  • rohc

    Robust Header Compression

Configurable True
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
source-ip
Description Packet matching criteria based on source IPv4 address
Contextacl system-filter ipv4-filter entry sequence-id number match source-ip
Treesource-ip
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
address string
Description Match a packet if its source IP address logically anded with the inverse of the mask equals this IP address.
Contextacl system-filter ipv4-filter entry sequence-id number match source-ip address string
Treeaddress
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
mask string
Description Match a packet if its source IP address logically anded with the inverse of this mask equals the configured IP address.
Contextacl system-filter ipv4-filter entry sequence-id number match source-ip mask string
Treemask
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
source-port
Description

A packet matches this condition if its source TCP or UDP port number matches the value or range that is specified

The rule should also have a condition that the IP protocol equals 6 (TCP) or 17 (UDP) in order for this to be interpreted correctly.

Contextacl system-filter ipv4-filter entry sequence-id number match source-port
Treesource-port
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
operator keyword
Description

Comparison operator

eq = equal ge = greater than or equal to le = less than or equal to

Contextacl system-filter ipv4-filter entry sequence-id number match source-port operator keyword
Treeoperator
Options
  • le

    Less than or equal.

  • ge

    Greater than or equal.

  • eq

    Equal to.

ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
range
Description Container used to specify a contiguous range of TCP/UDP port numbers
Contextacl system-filter ipv4-filter entry sequence-id number match source-port range
Treerange
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
end (number | keyword)
Description The ending port number to include in the range
Contextacl system-filter ipv4-filter entry sequence-id number match source-port range end (number | keyword)
Treeend
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
start (number | keyword)
Description The starting port number to include in the range
Contextacl system-filter ipv4-filter entry sequence-id number match source-port range start (number | keyword)
Treestart
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
value (number | keyword)
Description A source port number
Context acl system-filter ipv4-filter entry sequence-id number match source-port value (number | keyword)
Treevalue
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
tcp-flags string
Description A logical expression using the &, | and ! logical operators and the TCP flag names: rst, syn and ack.
Contextacl system-filter ipv4-filter entry sequence-id number match tcp-flags string
Treetcp-flags
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
statistics
Description Statistics container for packets matching the system-filter entry
Contextacl system-filter ipv4-filter entry sequence-id number statistics
Treestatistics
ConfigurableFalse
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
tcam-entries number
Description The number of TCAM entries required to implement a single instance of this filter rule.
Contextacl system-filter ipv4-filter entry sequence-id number tcam-entries number
Treetcam-entries
ConfigurableFalse
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
last-clear string
Description Time of the last clear command performed by the user at this level
Contextacl system-filter ipv4-filter last-clear string
Treelast-clear
String Length20 to 32
ConfigurableFalse
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2

ipv6-filter

Description Top level container for System IPv6 filters
Contextacl system-filter ipv6-filter
Treeipv6-filter
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
entry sequence-id number
Description List of filter rules.
Context acl system-filter ipv6-filter entry sequence-id number
Treeentry
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
sequence-id number
Description A number to indicate the relative evaluation order of the different entries; lower numbered entries are evaluated before higher numbered entries
Contextacl system-filter ipv6-filter entry sequence-id number
Range1 to 128
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
action
Description Container for the actions to be applied to packets matching the System filter entry.
Contextacl system-filter ipv6-filter entry sequence-id number action
Treeaction
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
drop
Description Drop matching packets without sending any ICMP messages back to the source
Contextacl system-filter ipv6-filter entry sequence-id number action drop
Treedrop
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
log boolean
Description

When this is true, a log is created for each packet matching the entry

The log entry contains the following information:

Contextacl system-filter ipv6-filter entry sequence-id number action drop log boolean
Treelog
Defaultfalse
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
match
Description Container for the conditions that determine whether a packet matches this entry
Contextacl system-filter ipv6-filter entry sequence-id number match
Treematch
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
destination-ip
Description Packet matching criteria based on destination IPv6 address
Contextacl system-filter ipv6-filter entry sequence-id number match destination-ip
Treedestination-ip
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
mask string
Description Match a packet if its destination IP address logically anded with the inverse of this mask equals the configured IP address.
Contextacl system-filter ipv6-filter entry sequence-id number match destination-ip mask string
Treemask
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
destination-port
Description

A packet matches this condition if its destination TCP or UDP port number matches the value or range that is specified

The rule should also have a condition that the IP protocol equals 6 (TCP) or 17 (UDP) in order for this to be interpreted correctly.

Contextacl system-filter ipv6-filter entry sequence-id number match destination-port
Treedestination-port
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
operator keyword
Description

Comparison operator

eq = equal ge = greater than or equal to le = less than or equal to

Contextacl system-filter ipv6-filter entry sequence-id number match destination-port operator keyword
Treeoperator
Options
  • le

    Less than or equal.

  • ge

    Greater than or equal.

  • eq

    Equal to.

ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
range
Description Container used to specify a contiguous range of TCP/UDP port numbers
Contextacl system-filter ipv6-filter entry sequence-id number match destination-port range
Treerange
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
end (number | keyword)
Description The ending port number to include in the range
Contextacl system-filter ipv6-filter entry sequence-id number match destination-port range end (number | keyword)
Treeend
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
start (number | keyword)
Description The starting port number to include in the range
Contextacl system-filter ipv6-filter entry sequence-id number match destination-port range start (number | keyword)
Treestart
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
value (number | keyword)
Description A destination port number
Context acl system-filter ipv6-filter entry sequence-id number match destination-port value (number | keyword)
Treevalue
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
dscp-set (number | keyword)
Description A list of DSCP values to be matched for incoming packets. An OR match should be performed, such that a packet must match one of the values defined in this list. If the field is left empty then any DSCP value matches.
Contextacl system-filter ipv6-filter entry sequence-id number match dscp-set (number | keyword)
Treedscp-set
Range0 to 63
Options
  • CS0

  • LE

  • CS1

  • AF11

  • AF12

  • AF13

  • CS2

  • AF21

  • AF22

  • AF23

  • CS3

  • AF31

  • AF32

  • AF33

  • CS4

  • AF41

  • AF42

  • AF43

  • CS5

  • EF

  • CS6

  • CS7

Configurable True
Platforms7250 IXR-10e, 7250 IXR-6e, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D2L, 7250 IXR-10, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D1, 7220 IXR-D2, 7250 IXR-6
icmp6
Description

A packet matches this condition if its ICMPv6 type and code matches one of the specified combinations

The rule should also have a condition that the next-header value equals 58 (ICMPv6) in order for this to be interpreted correctly.

Contextacl system-filter ipv6-filter entry sequence-id number match icmp6
Treeicmp6
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
code number
Description

Match if the ICMPv6 code value is any value in the list

Requires ICMPv6 type to be specified because codes are type dependent.

Contextacl system-filter ipv6-filter entry sequence-id number match icmp6 code number
Treecode
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
type (number | keyword)
Description Match a single ICMPv6 type value
Context acl system-filter ipv6-filter entry sequence-id number match icmp6 type (number | keyword)
Treetype
Range0 to 255
Options
  • dest-unreachable

    ICMPv6 Destination Unreachable

  • packet-too-big

    ICMPv6 Packet Too Big

  • time-exceeded

    ICMPv6 Time Exceeded

  • param-problem

    Parameter Problem

  • echo-request

    ICMPv6 Echo Request

  • echo-reply

    ICMPv6 Echo Reply

  • mld-query

    Multicast Listener Discovery Query

  • mld-report

    Multicast Listener Discovery Report

  • mld-done

    Multicast Listener Discovery Done

  • router-solicit

    ICMPv6 Router Solicitation

  • router-advertise

    ICMPv6 Router Advertisement

  • neighbor-solicit

    ICMPv6 Neighbor Solicitation

  • neighbor-advertise

    ICMPv6 Neighbor Advertisement

  • redirect

    ICMPv6 Redirect

  • router-renumber

    ICMPv6 Router Renumbering

  • node-info-query

    ICMPv6 Node Information Query

  • node-info-response

    ICMPv6 Node Information Response

  • mld-v2

    Multicast Listener Discovery Version 2

  • mcast-rtr-adv

    Multicast Router Advertisement

  • mcast-rtr-solicit

    Multicast Router Solicitation

  • mcast-rtr-term

    Multicast Router Termination

ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
next-header (number | keyword)
Description An IPv6 packet matches this condition if its first next-header field (in the IPv6 fixed header) contains the specified value
Contextacl system-filter ipv6-filter entry sequence-id number match next-header (number | keyword)
Treenext-header
Range0 to 255
Options
  • ipv6-hop

    IPv6 hop-by-hop option

  • icmp

    Internet Control Message Protocol

  • igmp

    Internet Group Management Protocol

  • ggp

    Gateway-to-Gateway Protocol

  • ipv4

    IPv4 encapsulation

  • st

    Stream Protocol

  • tcp

    Transmission Control Protocol

  • egp

    Exterior Gateway Protocol

  • igp

    Interior Gateway Protocol

  • udp

    User Datagram Protocol

  • ipv6

    IPv6 encapsulation

  • idrp

    Inter-Domain Routing Protocol

  • rsvp

    Resource Reservation Protocol

  • gre

    Generic Routing Encapsulation

  • esp

    IPSec Encapsulating Security Payload

  • ah

    IPSec Authentication Header

  • icmp6

    IPSec Authentication Header

  • no-next-hdr

    No Next Header for IPv6

  • ipv6-dest-opts

    Destination Options for IPv6

  • eigrp

    Cisco EIGRP

  • ospf

    OSPFv2 and OSPFv3

  • pim

    Protocol Independent Multicast

  • vrrp

    Virtual Router Redundancy Protocol

  • l2tp

    Layer Two Tunneling Protocol

  • sctp

    Stream Control Transmission Protocol

  • mpls-in-ip

    MPLS Encapsulation inside IP

  • rohc

    Robust Header Compression

Configurable True
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
source-ip
Description Packet matching criteria based on source IPv6 address
Contextacl system-filter ipv6-filter entry sequence-id number match source-ip
Treesource-ip
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
address string
Description Match a packet if its source IP address logically anded with the inverse of the mask equals this IP address.
Contextacl system-filter ipv6-filter entry sequence-id number match source-ip address string
Treeaddress
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
mask string
Description Match a packet if its source IP address logically anded with the inverse of this mask equals the configured IP address.
Contextacl system-filter ipv6-filter entry sequence-id number match source-ip mask string
Treemask
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
source-port
Description

A packet matches this condition if its source TCP or UDP port number matches the value or range that is specified

The rule should also have a condition that the IP protocol equals 6 (TCP) or 17 (UDP) in order for this to be interpreted correctly.

Contextacl system-filter ipv6-filter entry sequence-id number match source-port
Treesource-port
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
operator keyword
Description

Comparison operator

eq = equal ge = greater than or equal to le = less than or equal to

Contextacl system-filter ipv6-filter entry sequence-id number match source-port operator keyword
Treeoperator
Options
  • le

    Less than or equal.

  • ge

    Greater than or equal.

  • eq

    Equal to.

ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
range
Description Container used to specify a contiguous range of TCP/UDP port numbers
Contextacl system-filter ipv6-filter entry sequence-id number match source-port range
Treerange
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
end (number | keyword)
Description The ending port number to include in the range
Contextacl system-filter ipv6-filter entry sequence-id number match source-port range end (number | keyword)
Treeend
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
start (number | keyword)
Description The starting port number to include in the range
Contextacl system-filter ipv6-filter entry sequence-id number match source-port range start (number | keyword)
Treestart
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
value (number | keyword)
Description A source port number
Context acl system-filter ipv6-filter entry sequence-id number match source-port value (number | keyword)
Treevalue
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
tcp-flags string
Description A logical expression using the &, | and ! logical operators and the TCP flag names: rst, syn and ack.
Contextacl system-filter ipv6-filter entry sequence-id number match tcp-flags string
Treetcp-flags
ConfigurableTrue
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
statistics
Description Statistics container for packets matching the system-filter entry
Contextacl system-filter ipv6-filter entry sequence-id number statistics
Treestatistics
ConfigurableFalse
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
tcam-entries number
Description The number of TCAM entries required to implement a single instance of this filter rule.
Contextacl system-filter ipv6-filter entry sequence-id number tcam-entries number
Treetcam-entries
ConfigurableFalse
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2
last-clear string
Description Time of the last clear command performed by the user at this level
Contextacl system-filter ipv6-filter last-clear string
Treelast-clear
String Length20 to 32
ConfigurableFalse
Platforms7220 IXR-D1, 7220 IXR-D3L, 7220 IXR-D2L, 7220 IXR-D5, 7220 IXR-D4, 7220 IXR-D3, 7220 IXR-D2

tcam-profile keyword

Description Specify the TCAM resource management profile
Contextacl tcam-profile keyword
Treetcam-profile
Options
  • default

    Default allocation that provides twice as many resources to ingress ACLs as egress ACLs

  • ipv4-egress-scaled

    Alternate allocation that provides more resources to IPv4 egress ACLs than any other application

ConfigurableTrue
PlatformsSupported on all platforms