acl

acl
+  acl-filter name string type keyword 
   +  description string
   +  entry sequence-id number 
      +  action
         +  accept
            +  forwarding-class reference
            +  rate-limit
               +  policer reference
               +  system-cpu-policer reference
         +  copy
         +  drop
         +  log boolean
      +  description string
      -  last-clear string
      +  match
         +  ipv4
            +  destination-ip
               +  address string
               +  mask string
               +  prefix string
            +  dscp-set (number | keyword)
            +  first-fragment boolean
            +  fragment boolean
            +  icmp
               +  code number
               +  type (number | keyword)
            +  protocol (number | keyword)
            +  source-ip
               +  address string
               +  mask string
               +  prefix string
         +  ipv6
            +  destination-ip
               +  address string
               +  mask string
               +  prefix string
            +  dscp-set (number | keyword)
            +  icmp6
               +  code number
               +  type (number | keyword)
            +  next-header (number | keyword)
            +  source-ip
               +  address string
               +  mask string
               +  prefix string
         +  l2
            +  destination-mac
               +  address string
               +  mask string
            +  ethertype (string | keyword)
            +  source-mac
               +  address string
               +  mask string
            +  vlan
               +  outermost-vlan-id
                  +  none 
                  +  operator keyword
                  +  range
                     +  end number
                     +  start number
                  +  value number
         +  transport
            +  destination-port
               +  operator keyword
               +  range
                  +  end (number | keyword)
                  +  start (number | keyword)
               +  value (number | keyword)
            +  source-port
               +  operator keyword
               +  range
                  +  end (number | keyword)
                  +  start (number | keyword)
               +  value (number | keyword)
            +  tcp-flags string
      -  statistics
         -  incomplete boolean
         -  last-clear string
         -  last-match string
         -  matched-packets number
         -  policer
            -  conforming-octets number
            -  conforming-packets number
            -  exceeding-octets number
            -  exceeding-packets number
         -  system-cpu-policer
            -  conforming-octets number
            -  conforming-packets number
            -  exceeding-octets number
            -  exceeding-packets number
      -  tcam-entries
         -  forwarding-complex complex-identifier string 
            -  input-total number
            -  output-total number
            -  single-instance number
   -  last-clear string
   +  statistics-per-entry boolean
   +  subinterface-specific keyword
-  datapath-programming
   -  forwarding-complex slot-id number complex-id number 
      -  last-completed-timestamp string
      -  programming-complete boolean
+  egress-mac-filtering boolean
+  interface interface-id string 
   +  input
      +  acl-filter name reference type reference 
         -  entry sequence-id reference 
            -  policer
               -  conforming-octets number
               -  conforming-packets number
               -  exceeding-octets number
               -  exceeding-packets number
            -  statistics
               -  incomplete boolean
               -  last-clear string
               -  last-match string
               -  matched-packets number
      -  statistics
         -  last-clear string
         -  policer
            -  conforming-octets number
            -  conforming-packets number
            -  exceeding-octets number
            -  exceeding-packets number
   +  interface-ref
      +  interface reference
      +  subinterface reference
   +  output
      +  acl-filter name reference type reference 
         -  entry sequence-id reference 
            -  policer
               -  conforming-octets number
               -  conforming-packets number
               -  exceeding-octets number
               -  exceeding-packets number
            -  statistics
               -  incomplete boolean
               -  last-clear string
               -  last-match string
               -  matched-packets number
      -  statistics
         -  last-clear string
         -  policer
            -  conforming-octets number
            -  conforming-packets number
            -  exceeding-octets number
            -  exceeding-packets number
+  policers
   +  policer name string 
      +  entry-specific boolean
      +  max-burst number
      +  peak-rate number
      +  scope keyword
      -  statistics
         -  aggregate
            -  conforming-octets number
            -  conforming-packets number
            -  exceeding-octets number
            -  exceeding-packets number
            -  last-clear string
   +  system-cpu-policer name string 
      +  entry-specific boolean
      +  max-packet-burst number
      +  peak-packet-rate number
      -  statistics
         -  conforming-octets number
         -  conforming-packets number
         -  exceeding-octets number
         -  exceeding-packets number
         -  last-clear string
+  tcam-profile keyword

acl Descriptions

acl

Description Top level container for configuration and operational state related to access control lists (ACLs)
Contextacl
Treeacl
ConfigurableTrue
PlatformsSupported on all platforms

acl-filter name string type keyword

Description List of filter types such as IPv4, IPv6 and MAC depending on the platform's capabilities.
Contextacl acl-filter name string type keyword
Treeacl-filter
ConfigurableTrue
PlatformsSupported on all platforms

name string

Description ACL Filter policy name
Context acl acl-filter name string type keyword
ConfigurableTrue
PlatformsSupported on all platforms

type keyword

Description Defines the type of ACL filter: ipv4: IPv4 ACL filter ipv6: IPv6 ACL filter mac: MAC ACL filter
Contextacl acl-filter name string type keyword
Options
  • ipv4

  • ipv6

  • mac

ConfigurableTrue
PlatformsSupported on all platforms

description string

Description Description string for the filter policy
Contextacl acl-filter name string type keyword description string
Treedescription
String Length1 to 255
ConfigurableTrue
PlatformsSupported on all platforms

entry sequence-id number

Description List of ACL entries comprising an ACL Filter
Contextacl acl-filter name string type keyword entry sequence-id number
Treeentry
ConfigurableTrue
PlatformsSupported on all platforms
sequence-id number
Description A number to indicate the relative evaluation order of the different entries; lower numbered entries are evaluated before higher numbered entries
Contextacl acl-filter name string type keyword entry sequence-id number
Range0 to 65535
ConfigurableTrue
PlatformsSupported on all platforms
action
Description Container for the actions to be applied to packets matching the filter entry.
Contextacl acl-filter name string type keyword entry sequence-id number action
Treeaction
ConfigurableTrue
PlatformsSupported on all platforms
accept
Description Accept matching packets and forward them towards their normal destination
Contextacl acl-filter name string type keyword entry sequence-id number action accept
Treeaccept
ConfigurableTrue
PlatformsSupported on all platforms
rate-limit
Description Rate-limit accepted packets
Context acl acl-filter name string type keyword entry sequence-id number action accept rate-limit
Treerate-limit
ConfigurableTrue
PlatformsSupported on all platforms
copy
Description Create a copy of matching packets extract them to the CPM and deliver them to the designated veth interface
Contextacl acl-filter name string type keyword entry sequence-id number action copy
Treecopy
ConfigurableTrue
PlatformsSupported on all platforms
drop
Description

Drop matching packets.

Dropped IP packets do not result in sending ICMP messages back to the source

Contextacl acl-filter name string type keyword entry sequence-id number action drop
Treedrop
ConfigurableTrue
PlatformsSupported on all platforms
log boolean
Description

When this is true, a log is created for each packet matching the entry

For IP packets matched by an IP filter entry the log entry contains the following information:

Contextacl acl-filter name string type keyword entry sequence-id number action log boolean
Treelog
Defaultfalse
ConfigurableTrue
PlatformsSupported on all platforms
match
Description Container for the conditions that determine whether a packet matches this entry
Contextacl acl-filter name string type keyword entry sequence-id number match
Treematch
ConfigurableTrue
PlatformsSupported on all platforms
ipv4
Description Container for the common layer-3 IPv4 match criteria
Contextacl acl-filter name string type keyword entry sequence-id number match ipv4
Treeipv4
ConfigurableTrue
PlatformsSupported on all platforms
destination-ip
Description Packet matching criteria based on destination IPv4 address
Contextacl acl-filter name string type keyword entry sequence-id number match ipv4 destination-ip
Treedestination-ip
ConfigurableTrue
PlatformsSupported on all platforms
dscp-set (number | keyword)
Description A list of DSCP values to be matched for incoming packets. An OR match should be performed, such that a packet must match one of the values defined in this list. If the field is left empty then any DSCP value matches.
Contextacl acl-filter name string type keyword entry sequence-id number match ipv4 dscp-set (number | keyword)
Treedscp-set
Range0 to 63
Options
  • CS0

  • LE

  • CS1

  • AF11

  • AF12

  • AF13

  • CS2

  • AF21

  • AF22

  • AF23

  • CS3

  • AF31

  • AF32

  • AF33

  • CS4

  • AF41

  • AF42

  • AF43

  • CS5

  • EF

  • CS6

  • CS7

Configurable True
Platforms7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5, 7250 IXR-10, 7250 IXR-10e, 7250 IXR-6, 7250 IXR-6e
first-fragment boolean
Description

Match the first fragment of an IPv4 datagram

A packet matches the true condition if the IPv4 header indicates that the fragment-offset is zero and and the more-fragments bit is 1. It is not valid to configure this leaf without configuring a match value for the fragment leaf.

Contextacl acl-filter name string type keyword entry sequence-id number match ipv4 first-fragment boolean
Treefirst-fragment
ConfigurableTrue
PlatformsSupported on all platforms
fragment boolean
Description

Match an IPv4 fragment

A packet matches the true condition if the IPv4 header indicates that the fragment-offset is zero and and the more-fragments bit is 1 or if the IPv4 header indicates that the fragment-offset is greater than 0. A packet matches the false condition if it is unfragmented.

Contextacl acl-filter name string type keyword entry sequence-id number match ipv4 fragment boolean
Treefragment
ConfigurableTrue
PlatformsSupported on all platforms
icmp
Description

A packet matches this condition if its ICMP type and code matches one of the specified combinations

The rule should also have a condition that the IP protocol equals 1 (ICMP) in order for this to be interpreted correctly.

Contextacl acl-filter name string type keyword entry sequence-id number match ipv4 icmp
Treeicmp
ConfigurableTrue
PlatformsSupported on all platforms
code number
Description

Match if the ICMP code value is any value in the list

Requires ICMP type to be specified because codes are type dependent.

Contextacl acl-filter name string type keyword entry sequence-id number match ipv4 icmp code number
Treecode
ConfigurableTrue
PlatformsSupported on all platforms
type (number | keyword)
Description Match a single ICMP type value.
Context acl acl-filter name string type keyword entry sequence-id number match ipv4 icmp type (number | keyword)
Treetype
Range0 to 255
Options
  • echo-reply

    ICMP Echo Reply

  • dest-unreachable

    ICMP Destination Unreachable

  • source-quench

    ICMP Source Quench

  • redirect

    ICMP Redirect

  • echo

    ICMP Echo

  • router-advertise

    ICMP Router Advertisement

  • router-solicit

    ICMP Router Solicitation

  • time-exceeded

    ICMP Time Exceeded

  • param-problem

    ICMP Parameter Problem

  • timestamp

    ICMP Timestamp

  • timestamp-reply

    ICMP Timestamp Reply

Configurable True
PlatformsSupported on all platforms
protocol (number | keyword)
Description An IPv4 packet matches this condition if its IP protocol type field matches the specified value
Contextacl acl-filter name string type keyword entry sequence-id number match ipv4 protocol (number | keyword)
Treeprotocol
Range0 to 255
Options
  • ipv6-hop

    IPv6 hop-by-hop option

  • icmp

    Internet Control Message Protocol

  • igmp

    Internet Group Management Protocol

  • ggp

    Gateway-to-Gateway Protocol

  • ipv4

    IPv4 encapsulation

  • st

    Stream Protocol

  • tcp

    Transmission Control Protocol

  • egp

    Exterior Gateway Protocol

  • igp

    Interior Gateway Protocol

  • udp

    User Datagram Protocol

  • ipv6

    IPv6 encapsulation

  • idrp

    Inter-Domain Routing Protocol

  • rsvp

    Resource Reservation Protocol

  • gre

    Generic Routing Encapsulation

  • esp

    IPSec Encapsulating Security Payload

  • ah

    IPSec Authentication Header

  • icmp6

    IPSec Authentication Header

  • no-next-hdr

    No Next Header for IPv6

  • ipv6-dest-opts

    Destination Options for IPv6

  • eigrp

    Cisco EIGRP

  • ospf

    OSPFv2 and OSPFv3

  • pim

    Protocol Independent Multicast

  • vrrp

    Virtual Router Redundancy Protocol

  • l2tp

    Layer Two Tunneling Protocol

  • sctp

    Stream Control Transmission Protocol

  • mpls-in-ip

    MPLS Encapsulation inside IP

  • rohc

    Robust Header Compression

Configurable True
PlatformsSupported on all platforms
source-ip
Description Packet matching criteria based on source IPv4 address
Contextacl acl-filter name string type keyword entry sequence-id number match ipv4 source-ip
Treesource-ip
ConfigurableTrue
PlatformsSupported on all platforms
ipv6
Description Container for the common layer-3 IPv6 match criteria
Contextacl acl-filter name string type keyword entry sequence-id number match ipv6
Treeipv6
ConfigurableTrue
PlatformsSupported on all platforms
destination-ip
Description Packet matching criteria based on destination IPv6 address
Contextacl acl-filter name string type keyword entry sequence-id number match ipv6 destination-ip
Treedestination-ip
ConfigurableTrue
PlatformsSupported on all platforms
dscp-set (number | keyword)
Description A list of DSCP values to be matched for incoming packets. An OR match should be performed, such that a packet must match one of the values defined in this list. If the field is left empty then any DSCP value matches.
Contextacl acl-filter name string type keyword entry sequence-id number match ipv6 dscp-set (number | keyword)
Treedscp-set
Range0 to 63
Options
  • CS0

  • LE

  • CS1

  • AF11

  • AF12

  • AF13

  • CS2

  • AF21

  • AF22

  • AF23

  • CS3

  • AF31

  • AF32

  • AF33

  • CS4

  • AF41

  • AF42

  • AF43

  • CS5

  • EF

  • CS6

  • CS7

Configurable True
Platforms7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5, 7250 IXR-10, 7250 IXR-10e, 7250 IXR-6, 7250 IXR-6e
icmp6
Description

A packet matches this condition if its ICMPv6 type and code matches one of the specified combinations

The rule should also have a condition that the next-header value equals 58 (ICMPv6) in order for this to be interpreted correctly.

Contextacl acl-filter name string type keyword entry sequence-id number match ipv6 icmp6
Treeicmp6
ConfigurableTrue
PlatformsSupported on all platforms
code number
Description

Match if the ICMPv6 code value is any value in the list

Requires ICMPv6 type to be specified because codes are type dependent.

Contextacl acl-filter name string type keyword entry sequence-id number match ipv6 icmp6 code number
Treecode
ConfigurableTrue
PlatformsSupported on all platforms
type (number | keyword)
Description Match a single ICMPv6 type value
Context acl acl-filter name string type keyword entry sequence-id number match ipv6 icmp6 type (number | keyword)
Treetype
Range0 to 255
Options
  • dest-unreachable

    ICMPv6 Destination Unreachable

  • packet-too-big

    ICMPv6 Packet Too Big

  • time-exceeded

    ICMPv6 Time Exceeded

  • param-problem

    Parameter Problem

  • echo-request

    ICMPv6 Echo Request

  • echo-reply

    ICMPv6 Echo Reply

  • mld-query

    Multicast Listener Discovery Query

  • mld-report

    Multicast Listener Discovery Report

  • mld-done

    Multicast Listener Discovery Done

  • router-solicit

    ICMPv6 Router Solicitation

  • router-advertise

    ICMPv6 Router Advertisement

  • neighbor-solicit

    ICMPv6 Neighbor Solicitation

  • neighbor-advertise

    ICMPv6 Neighbor Advertisement

  • redirect

    ICMPv6 Redirect

  • router-renumber

    ICMPv6 Router Renumbering

  • node-info-query

    ICMPv6 Node Information Query

  • node-info-response

    ICMPv6 Node Information Response

  • mld-v2

    Multicast Listener Discovery Version 2

  • mcast-rtr-adv

    Multicast Router Advertisement

  • mcast-rtr-solicit

    Multicast Router Solicitation

  • mcast-rtr-term

    Multicast Router Termination

ConfigurableTrue
PlatformsSupported on all platforms
next-header (number | keyword)
Description An IPv6 packet matches this condition if its first next-header field (in the IPv6 fixed header) contains the specified value
Contextacl acl-filter name string type keyword entry sequence-id number match ipv6 next-header (number | keyword)
Treenext-header
Range0 to 255
Options
  • ipv6-hop

    IPv6 hop-by-hop option

  • icmp

    Internet Control Message Protocol

  • igmp

    Internet Group Management Protocol

  • ggp

    Gateway-to-Gateway Protocol

  • ipv4

    IPv4 encapsulation

  • st

    Stream Protocol

  • tcp

    Transmission Control Protocol

  • egp

    Exterior Gateway Protocol

  • igp

    Interior Gateway Protocol

  • udp

    User Datagram Protocol

  • ipv6

    IPv6 encapsulation

  • idrp

    Inter-Domain Routing Protocol

  • rsvp

    Resource Reservation Protocol

  • gre

    Generic Routing Encapsulation

  • esp

    IPSec Encapsulating Security Payload

  • ah

    IPSec Authentication Header

  • icmp6

    IPSec Authentication Header

  • no-next-hdr

    No Next Header for IPv6

  • ipv6-dest-opts

    Destination Options for IPv6

  • eigrp

    Cisco EIGRP

  • ospf

    OSPFv2 and OSPFv3

  • pim

    Protocol Independent Multicast

  • vrrp

    Virtual Router Redundancy Protocol

  • l2tp

    Layer Two Tunneling Protocol

  • sctp

    Stream Control Transmission Protocol

  • mpls-in-ip

    MPLS Encapsulation inside IP

  • rohc

    Robust Header Compression

Configurable True
PlatformsSupported on all platforms
source-ip
Description Packet matching criteria based on source IPv6 address
Contextacl acl-filter name string type keyword entry sequence-id number match ipv6 source-ip
Treesource-ip
ConfigurableTrue
PlatformsSupported on all platforms
l2
Description Container for the common layer-2 match criteria
Contextacl acl-filter name string type keyword entry sequence-id number match l2
Treel2
ConfigurableTrue
PlatformsSupported on all platforms
destination-mac
Description Ethernet frame matching criteria based on destination MAC address
Contextacl acl-filter name string type keyword entry sequence-id number match l2 destination-mac
Treedestination-mac
ConfigurableTrue
PlatformsSupported on all platforms
ethertype (string | keyword)
Description An Ethernet frame matches this condition if its ethertype value (after 802.1Q VLAN tags) matches the specified value
Contextacl acl-filter name string type keyword entry sequence-id number match l2 ethertype (string | keyword)
Treeethertype
Options
  • ipv4

    Internet Protocol version 4. Ethertype 0x0800.

  • arp

    Address Resolution Protocol. Ethertype 0x0806.

  • ipv6

    Internet Protocol version 6. Ethertype 0x86DD.

  • flow-control

    Ethernet flow control PAUSE frames. Ethertype 0x8808

  • lacp

    LACP. Ethertype 0x8809.

  • mpls-unicast

    MPLS unicast. Ethertype 0x8847.

  • mpls-multicast

    MPLS multicast. Ethertype 0x8848.

  • pppoe-discovery

    PPPoE discovery. Ethertype 0x8863.

  • pppoe-session

    PPPoE session. Ethertype 0x8864.

  • 8021x-authentication

    802.1x authentication (EAP). Ethertype 0x888E.

  • lldp

    Link Layer Discovery Protocol. Ethertype 0x88CC.

  • macsec

    IEEE 802.1AE MAC security. Ethertype 0x88E5.

  • pbb

    Provider Backbone Bridging. Ethertype 0x88E7.

  • ptp

    Precision Time Protocol. Ethertype 0x88F7.

  • eth-oam

    IEEE 802.1ag CFM and ITU-T Y.1731 OAM. Ethertype 0x8902.

  • fcoe

    Fibre Channel over Ethernet. Ethertype 0x8906.

  • fcoe-initialization

    Fibre Channel over Ethernet Initialization Protocol. Ethertype 0x8914.

  • roce

    RDMA over Converged Ethernet. Ethertype 0x8915.

ConfigurableTrue
PlatformsSupported on all platforms
source-mac
Description Ethernet frame matching criteria based on source MAC address
Contextacl acl-filter name string type keyword entry sequence-id number match l2 source-mac
Treesource-mac
ConfigurableTrue
PlatformsSupported on all platforms
vlan
Description Ethernet frame matching criteria based on VLAN tags
Contextacl acl-filter name string type keyword entry sequence-id number match l2 vlan
Treevlan
ConfigurableTrue
PlatformsSupported on all platforms
outermost-vlan-id
Description Ethernet frame matching criteria based on the outermost VLAN ID found before the subinterface-defining VLAN tag (if any) is removed.
Contextacl acl-filter name string type keyword entry sequence-id number match l2 vlan outermost-vlan-id
Treeoutermost-vlan-id
ConfigurableTrue
PlatformsSupported on all platforms
range
Description Container used to specify a contiguous range of VLAN IDs. Matched values include the start and end values.
Contextacl acl-filter name string type keyword entry sequence-id number match l2 vlan outermost-vlan-id range
Treerange
ConfigurableTrue
PlatformsSupported on all platforms
transport
Description Container for the common layer-4 transport match criteria
Contextacl acl-filter name string type keyword entry sequence-id number match transport
Treetransport
ConfigurableTrue
PlatformsSupported on all platforms
destination-port
Description

A packet matches this condition if its destination TCP or UDP port number matches the value or range that is specified

The rule should also have a condition that the IP protocol equals 6 (TCP) or 17 (UDP) in order for this to be interpreted correctly.

Contextacl acl-filter name string type keyword entry sequence-id number match transport destination-port
Treedestination-port
ConfigurableTrue
PlatformsSupported on all platforms
range
Description Container used to specify a contiguous range of TCP/UDP port numbers
Contextacl acl-filter name string type keyword entry sequence-id number match transport destination-port range
Treerange
ConfigurableTrue
PlatformsSupported on all platforms
end (number | keyword)
Description The ending port number to include in the range
Contextacl acl-filter name string type keyword entry sequence-id number match transport destination-port range end (number | keyword)
Treeend
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
start (number | keyword)
Description The starting port number to include in the range
Contextacl acl-filter name string type keyword entry sequence-id number match transport destination-port range start (number | keyword)
Treestart
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
value (number | keyword)
Description A destination port number
Context acl acl-filter name string type keyword entry sequence-id number match transport destination-port value (number | keyword)
Treevalue
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
source-port
Description

A packet matches this condition if its source TCP or UDP port number matches the value or range that is specified

The rule should also have a condition that the IP protocol equals 6 (TCP) or 17 (UDP) in order for this to be interpreted correctly.

Contextacl acl-filter name string type keyword entry sequence-id number match transport source-port
Treesource-port
ConfigurableTrue
PlatformsSupported on all platforms
range
Description Container used to specify a contiguous range of TCP/UDP port numbers
Contextacl acl-filter name string type keyword entry sequence-id number match transport source-port range
Treerange
ConfigurableTrue
PlatformsSupported on all platforms
end (number | keyword)
Description The ending port number to include in the range
Contextacl acl-filter name string type keyword entry sequence-id number match transport source-port range end (number | keyword)
Treeend
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
start (number | keyword)
Description The starting port number to include in the range
Contextacl acl-filter name string type keyword entry sequence-id number match transport source-port range start (number | keyword)
Treestart
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
value (number | keyword)
Description A source port number
Context acl acl-filter name string type keyword entry sequence-id number match transport source-port value (number | keyword)
Treevalue
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue
PlatformsSupported on all platforms
statistics
Description Container for per-entry statistics
Context acl acl-filter name string type keyword entry sequence-id number statistics
Treestatistics
ConfigurableFalse
PlatformsSupported on all platforms
incomplete boolean
Description Returns true when at least one linecard had insufficient stats resources to ensure an accurate set of values for the number of matched packets.
Contextacl acl-filter name string type keyword entry sequence-id number statistics incomplete boolean
Treeincomplete
ConfigurableFalse
PlatformsSupported on all platforms
last-match string
Description The elapsed time since a packet last matched the entry, considering the mgmt0 subinterface and all subinterfaces of all linecard ports that use the ACL as an input ACL
Contextacl acl-filter name string type keyword entry sequence-id number statistics last-match string
Treelast-match
String Length20 to 32
ConfigurableFalse
PlatformsSupported on all platforms
matched-packets number
Description The number of packets matching the entry since it was programmed or since the last clear, considering the mgmt0 subinterface and all subinterfaces of all linecard ports that use the ACL as an input ACL
Contextacl acl-filter name string type keyword entry sequence-id number statistics matched-packets number
Treematched-packets
Default0
ConfigurableFalse
PlatformsSupported on all platforms
policer
Description

Policer stats for traffic matching the entry:

Statistics for policer configured with scope=global and entry-specific=true, and acl configured with subinterface-specific=false.

Contextacl acl-filter name string type keyword entry sequence-id number statistics policer
Treepolicer
ConfigurableFalse
Platforms7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5, 7250 IXR-10, 7250 IXR-10e, 7250 IXR-6, 7250 IXR-6e
conforming-octets number
Description The number of bytes that were considered conforming by the policer. The byte count includes 18 bytes of Ethernet overhead for every IP packet.
Contextacl acl-filter name string type keyword entry sequence-id number statistics policer conforming-octets number
Treeconforming-octets
Default0
ConfigurableFalse
Platforms7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5, 7250 IXR-10, 7250 IXR-10e, 7250 IXR-6, 7250 IXR-6e
conforming-packets number
Description The number of packets (actually Ethernet frames) that were considered conforming by the policer
Contextacl acl-filter name string type keyword entry sequence-id number statistics policer conforming-packets number
Treeconforming-packets
Default0
ConfigurableFalse
Platforms7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5, 7250 IXR-10, 7250 IXR-10e, 7250 IXR-6, 7250 IXR-6e
exceeding-octets number
Description The number of bytes that were considered exceeding by the policer. The byte count includes 18 bytes of Ethernet overhead for every IP packet.
Contextacl acl-filter name string type keyword entry sequence-id number statistics policer exceeding-octets number
Treeexceeding-octets
Default0
ConfigurableFalse
Platforms7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5, 7250 IXR-10, 7250 IXR-10e, 7250 IXR-6, 7250 IXR-6e
exceeding-packets number
Description The number of packets (actually Ethernet frames) that were considered exceeding by the policer
Contextacl acl-filter name string type keyword entry sequence-id number statistics policer exceeding-packets number
Treeexceeding-packets
Default0
ConfigurableFalse
Platforms7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5, 7250 IXR-10, 7250 IXR-10e, 7250 IXR-6, 7250 IXR-6e
system-cpu-policer
Description

System CPU policer stats for traffic matching the entry:

Statistics for system cpu policer configured with scope=global and entry-specific=true, and acl configured with subinterface-specific=false.

Contextacl acl-filter name string type keyword entry sequence-id number statistics system-cpu-policer
Treesystem-cpu-policer
ConfigurableFalse
PlatformsSupported on all platforms
tcam-entries
Description Information about the TCAM entries used to implement the ACL entry
Contextacl acl-filter name string type keyword entry sequence-id number tcam-entries
Treetcam-entries
ConfigurableFalse
PlatformsSupported on all platforms
forwarding-complex complex-identifier string
Description List of forwarding complexes in the system
Contextacl acl-filter name string type keyword entry sequence-id number tcam-entries forwarding-complex complex-identifier string
Treeforwarding-complex
ConfigurableFalse
PlatformsSupported on all platforms
input-total number
Description

The number of TCAM entries required to implement this entry on all subinterfaces of this complex where the filter is applied to ingress traffic.

For example, if a single-instance of the entry takes 2 TCAM entries and the filter is an output-only subinterface-specific filter and the filter is applied to 5 subinterfaces on output and to 5 subinterfaces on input then input-total=2. If the entry is not applied to ingress traffic on any subinterfaces of this complex then input-total=0.

Contextacl acl-filter name string type keyword entry sequence-id number tcam-entries forwarding-complex complex-identifier string input-total number
Treeinput-total
ConfigurableFalse
PlatformsSupported on all platforms
output-total number
Description

The number of TCAM entries required to implement this entry on all subinterfaces of this complex where the filter is applied to egress traffic.

For example, if a single-instance of the entry takes 2 TCAM entries and the filter is an output-only subinterface-specific filter and the filter is applied to 5 subinterfaces on output and to 5 subinterfaces on input then output-total=10. If the entry is not applied to egress traffic on any subinterfaces of this complex then output-total=0.

Contextacl acl-filter name string type keyword entry sequence-id number tcam-entries forwarding-complex complex-identifier string output-total number
Treeoutput-total
ConfigurableFalse
PlatformsSupported on all platforms
single-instance number
Description

The number of TCAM entries required to implement this entry if it is applied to only one subinterface and one traffic direction specific to this slot.

This is non-zero even if the filter is not applied to any subinterfaces of this complex. It captures the effect of TCAM entry expansion to deal with L4 port or VLAN ranges, for example.

Contextacl acl-filter name string type keyword entry sequence-id number tcam-entries forwarding-complex complex-identifier string single-instance number
Treesingle-instance
ConfigurableFalse
PlatformsSupported on all platforms

last-clear string

Description Time of the last clear command performed by the user at this level
Contextacl acl-filter name string type keyword last-clear string
Treelast-clear
String Length20 to 32
ConfigurableFalse
PlatformsSupported on all platforms

statistics-per-entry boolean

Description

Collect statistics for each entry of the ACL. If this is set to false no hardware resources are allocated to collecting statistics for this ACL policy.

The exact set of statistics depend on the subinterface-specific mode

Contextacl acl-filter name string type keyword statistics-per-entry boolean
Treestatistics-per-entry
ConfigurableTrue
PlatformsSupported on all platforms

subinterface-specific keyword

Description

Controls the instantiation of the filter when it is applied as an input or output ACL

disabled: all subinterfaces on a single linecard that reference the ACL as an input ACL use a shared filter instance, and all subinterfaces on a single linecard that reference the ACL as an output ACL use a shared filter instance

input-only: all subinterfaces on a single linecard that reference the ACL as an output ACL use a shared filter instance, but each subinterface that references the ACL as an input ACL uses its own separate instance of the filter

output-only: all subinterfaces on a single linecard that reference the ACL as an input ACL use a shared filter instance, but each subinterface that references the ACL as an output ACL uses its own separate instance of the filter

input-and-output: each subinterface that references the ACL as either an input ACL or an output ACL uses its own separate instance of the filter

Contextacl acl-filter name string type keyword subinterface-specific keyword
Treesubinterface-specific
Defaultdisabled
Options
  • disabled

  • input-only

  • output-only

  • input-and-output

ConfigurableTrue
PlatformsSupported on all platforms

datapath-programming

Description Container to represent the progress of ACL datapath programming
Contextacl datapath-programming
Treedatapath-programming
ConfigurableFalse
PlatformsSupported on all platforms

forwarding-complex slot-id number complex-id number

Description List of forwarding complexes that are currently installed and online
Contextacl datapath-programming forwarding-complex slot-id number complex-id number
Treeforwarding-complex
ConfigurableFalse
PlatformsSupported on all platforms

egress-mac-filtering boolean

Description

Must be set to true in order to apply any MAC ACLs to any subinterface in the egress traffic direction.

Internally this sets the following limits:

Remember that the number of ACL instances per ACL policy is greater than one if subinterface-specific is set to input-and-output or output-only.

A setting of true is blocked if the number of IPv4 ACL instances applied to egress traffic is already greater than 32, or if the number of IPv6 ACL instances applied to egress traffic is already greater than 32.

Contextacl egress-mac-filtering boolean
Treeegress-mac-filtering
Defaultfalse
ConfigurableTrue
Platforms7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5

interface interface-id string

Description List of interfaces and subinterfaces referencing ACL filters.
Contextacl interface interface-id string
Treeinterface
ConfigurableTrue
PlatformsSupported on all platforms

interface-id string

Description Identifier for the interface or subinterface.
Contextacl interface interface-id string
ConfigurableTrue
PlatformsSupported on all platforms

input

Description Container for ACL filters that apply to ingress traffic on the subinterface
Contextacl interface interface-id string input
Treeinput
ConfigurableTrue
PlatformsSupported on all platforms
acl-filter name reference type reference
Description

MAC, IPv4, IPv6 ACL filter(s) to be applied on this subinterface direction

On 7220 and 7250 IXR platforms only a single MAC, IPv4 or IPv6 filter is supported.

Contextacl interface interface-id string input acl-filter name reference type reference
Treeacl-filter
ConfigurableTrue
PlatformsSupported on all platforms
Max. Elements4
entry sequence-id reference
Description ACL Filter statistics per entry and per subinterface
Contextacl interface interface-id string input acl-filter name reference type reference entry sequence-id reference
Treeentry
ConfigurableFalse
PlatformsSupported on all platforms
policer
Description

Policer stats for traffic matching the entry:

Statistics under /acl/interfaces for policer configured with scope=subinterface and entry-specific=true, and acl configured with subinterface-specific=input-and-output.

Contextacl interface interface-id string input acl-filter name reference type reference entry sequence-id reference policer
Treepolicer
ConfigurableFalse
Platforms7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5
statistics
Description Container for per-entry statistics
Context acl interface interface-id string input acl-filter name reference type reference entry sequence-id reference statistics
Treestatistics
ConfigurableFalse
PlatformsSupported on all platforms
statistics
Description Container for policer scope=subinterface and per-entry-statistics=false statistics
Contextacl interface interface-id string input statistics
Treestatistics
ConfigurableFalse
Platforms7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5
last-clear string
Description Time of the last clear command performed by the user at this level
Contextacl interface interface-id string input statistics last-clear string
Treelast-clear
String Length20 to 32
ConfigurableFalse
Platforms7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5
policer
Description

Policer stats for traffic matching one or multiple entries:

List of ACL policer statistics of scope=subinterface and per-entry-statistics=false, and acl configured with subinterface-specific=false.

Contextacl interface interface-id string input statistics policer
Treepolicer
ConfigurableFalse
Platforms7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5
conforming-octets number
Description The number of bytes that were considered conforming by the policer. The byte count includes 18 bytes of Ethernet overhead for every IP packet.
Contextacl interface interface-id string input statistics policer conforming-octets number
Treeconforming-octets
Default0
ConfigurableFalse
Platforms7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5
exceeding-octets number
Description The number of bytes that were considered exceeding by the policer. The byte count includes 18 bytes of Ethernet overhead for every IP packet.
Contextacl interface interface-id string input statistics policer exceeding-octets number
Treeexceeding-octets
Default0
ConfigurableFalse
Platforms7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5

interface-ref

Description Reference to an interface or subinterface
Contextacl interface interface-id string interface-ref
Treeinterface-ref
ConfigurableTrue
PlatformsSupported on all platforms

output

Description Container for ACL filters that apply to ingress traffic on the subinterface
Contextacl interface interface-id string output
Treeoutput
ConfigurableTrue
PlatformsSupported on all platforms
acl-filter name reference type reference
Description

MAC, IPv4, IPv6 ACL filter(s) to be applied on this subinterface direction

On 7220 and 7250 IXR platforms only a single MAC, IPv4 or IPv6 filter is supported.

Contextacl interface interface-id string output acl-filter name reference type reference
Treeacl-filter
ConfigurableTrue
PlatformsSupported on all platforms
Max. Elements4
entry sequence-id reference
Description ACL Filter statistics per entry and per subinterface
Contextacl interface interface-id string output acl-filter name reference type reference entry sequence-id reference
Treeentry
ConfigurableFalse
PlatformsSupported on all platforms
policer
Description

Policer stats for traffic matching the entry:

Statistics under /acl/interfaces for policer configured with scope=subinterface and entry-specific=true, and acl configured with subinterface-specific=input-and-output.

Contextacl interface interface-id string output acl-filter name reference type reference entry sequence-id reference policer
Treepolicer
ConfigurableFalse
Platforms7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5
statistics
Description Container for per-entry statistics
Context acl interface interface-id string output acl-filter name reference type reference entry sequence-id reference statistics
Treestatistics
ConfigurableFalse
PlatformsSupported on all platforms
statistics
Description Container for policer scope=subinterface and per-entry-statistics=false statistics
Contextacl interface interface-id string output statistics
Treestatistics
ConfigurableFalse
Platforms7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5
last-clear string
Description Time of the last clear command performed by the user at this level
Contextacl interface interface-id string output statistics last-clear string
Treelast-clear
String Length20 to 32
ConfigurableFalse
Platforms7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5
policer
Description

Policer stats for traffic matching one or multiple entries:

List of ACL policer statistics of scope=subinterface and per-entry-statistics=false, and acl configured with subinterface-specific=false.

Contextacl interface interface-id string output statistics policer
Treepolicer
ConfigurableFalse
Platforms7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5
conforming-octets number
Description The number of bytes that were considered conforming by the policer. The byte count includes 18 bytes of Ethernet overhead for every IP packet.
Contextacl interface interface-id string output statistics policer conforming-octets number
Treeconforming-octets
Default0
ConfigurableFalse
Platforms7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5
exceeding-octets number
Description The number of bytes that were considered exceeding by the policer. The byte count includes 18 bytes of Ethernet overhead for every IP packet.
Contextacl interface interface-id string output statistics policer exceeding-octets number
Treeexceeding-octets
Default0
ConfigurableFalse
Platforms7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5

policers

Description Container for policer definitions used by ACL entries
Contextacl policers
Treepolicers
ConfigurableTrue
PlatformsSupported on all platforms

policer name string

Description List of policer templates used in subintreface and CPM Filter ACL.
Contextacl policers policer name string
Treepolicer
ConfigurableTrue
Platforms7220 IXR-D4, 7220 IXR-D5, 7250 IXR-10, 7250 IXR-10e, 7250 IXR-6, 7250 IXR-6e
name string
Description User-defined name of the policer
Context acl policers policer name string
String Length1 to 255
ConfigurableTrue
Platforms7220 IXR-D4, 7220 IXR-D5, 7250 IXR-10, 7250 IXR-10e, 7250 IXR-6, 7250 IXR-6e
entry-specific boolean
Description

Controls the instantiation of the policer between filter entries

false: one policer instance is created from this template and it is shared by all entries of in the same ACL filter that refer to this policer

true: multiple policer instances are created from this template, one for each ACL filter entry that refers to this policer

Contextacl policers policer name string entry-specific boolean
Treeentry-specific
Defaultfalse
ConfigurableTrue
PlatformsSupported on all platforms
max-burst number
Description The MBS bucket depth in bytes
Context acl policers policer name string max-burst number
Treemax-burst
Range1 to 125000000
Unitsbytes
ConfigurableTrue
Platforms7220 IXR-D4, 7220 IXR-D5, 7250 IXR-10, 7250 IXR-10e, 7250 IXR-6, 7250 IXR-6e
peak-rate number
Description The PIR rate in kbps (bucket empty/fill rate).
Contextacl policers policer name string peak-rate number
Treepeak-rate
Range1 to 800000000
Unitskbps
ConfigurableTrue
Platforms7220 IXR-D4, 7220 IXR-D5, 7250 IXR-10, 7250 IXR-10e, 7250 IXR-6, 7250 IXR-6e
scope keyword
Description

Controls the instantiation of the policer between subinterfaces

global: policer is instantiated per direction and shared between ACL, requires filter subinterface-specific disabled

subinterface: policer is instantiated per subinterface and per direction, requires filter subinterface-specific input-and-ouput

Contextacl policers policer name string scope keyword
Treescope
Defaultglobal
Options
  • global

  • subinterface

Configurable True
Platforms7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5
statistics
Description Container for linecard policer statistics.
Contextacl policers policer name string statistics
Treestatistics
ConfigurableFalse
Platforms7220 IXR-D4, 7220 IXR-D5, 7250 IXR-10, 7250 IXR-10e, 7250 IXR-6, 7250 IXR-6e
aggregate
Description

None of these statistics are populated if the policer is configured as entry-specific=true.

If entry-specific=false and subinterface-specific=true, this is sum of all the entries and all the policer templates instantiated for all subintrefaces.

If entry-specific=false and subinterface-specific=false, this is sum of all the entries using this policer template.

Contextacl policers policer name string statistics aggregate
Treeaggregate
ConfigurableFalse
Platforms7220 IXR-D4, 7220 IXR-D5, 7250 IXR-10, 7250 IXR-10e, 7250 IXR-6, 7250 IXR-6e
conforming-octets number
Description The number of bytes that were considered conforming by the policer. The byte count includes 18 bytes of Ethernet overhead for every IP packet.
Contextacl policers policer name string statistics aggregate conforming-octets number
Treeconforming-octets
Default0
ConfigurableFalse
Platforms7220 IXR-D4, 7220 IXR-D5, 7250 IXR-10, 7250 IXR-10e, 7250 IXR-6, 7250 IXR-6e
exceeding-octets number
Description The number of bytes that were considered exceeding by the policer. The byte count includes 18 bytes of Ethernet overhead for every IP packet.
Contextacl policers policer name string statistics aggregate exceeding-octets number
Treeexceeding-octets
Default0
ConfigurableFalse
Platforms7220 IXR-D4, 7220 IXR-D5, 7250 IXR-10, 7250 IXR-10e, 7250 IXR-6, 7250 IXR-6e
last-clear string
Description Time of the last clear command that applied to these statistics
Contextacl policers policer name string statistics aggregate last-clear string
Treelast-clear
String Length20 to 32
ConfigurableFalse
Platforms7220 IXR-D4, 7220 IXR-D5, 7250 IXR-10, 7250 IXR-10e, 7250 IXR-6, 7250 IXR-6e

system-cpu-policer name string

Description List of system CPU policer templates. For each policer in this list one or more policer instances are implemented in the XDP-CPM software and these policer instances process the aggregate of terminating traffic received from all linecards.
Contextacl policers system-cpu-policer name string
Treesystem-cpu-policer
ConfigurableTrue
PlatformsSupported on all platforms
name string
Description User-defined name of the policer
Context acl policers system-cpu-policer name string
String Length1 to 255
ConfigurableTrue
PlatformsSupported on all platforms
entry-specific boolean
Description

If set to false, only one policer instance is created from this template and it is shared by all entries of all cpm-filter ACLs that refer to this policer.

If set to true, multiple policer instances are created from this template, one for each cpm-filter entry that refers to the policer template.

Contextacl policers system-cpu-policer name string entry-specific boolean
Treeentry-specific
Defaultfalse
ConfigurableTrue
PlatformsSupported on all platforms
statistics
Description

Container for system CPU policer statistics

None of these statistics are populated if the policer is configured as entry-specific=true.

Contextacl policers system-cpu-policer name string statistics
Treestatistics
ConfigurableFalse
PlatformsSupported on all platforms

tcam-profile keyword

Description Specify the TCAM resource management profile
Contextacl tcam-profile keyword
Treetcam-profile
Options
  • default

    Default allocation that provides twice as many resources to ingress ACLs as egress ACLs

  • ipv4-egress-scaled

    Alternate allocation that provides more resources to IPv4 egress ACLs than any other application

  • acl-mfc-ipv4-only

    Alternate allocation that provides maximum entries for IPv4 ACLs and IPv4 MFC policies and provides no space for MAC ACLs, IPv6 ACLs or IPv6 MFC policies

ConfigurableTrue
Platforms7220 IXR-D4, 7220 IXR-D5