acl

acl
+  capture-filter
   +  ipv4-filter
      +  entry sequence-id number
         +  action
            +  accept
            +  copy
         +  description string
         +  match
            +  destination-ip
               +  address string
               +  mask string
               +  prefix string
            +  destination-port
               +  operator keyword
               +  range
                  +  end (number | keyword)
                  +  start (number | keyword)
               +  value (number | keyword)
            +  first-fragment boolean
            +  fragment boolean
            +  icmp
               +  code number
               +  type (number | keyword)
            +  protocol (number | keyword)
            +  source-ip
               +  address string
               +  mask string
               +  prefix string
            +  source-port
               +  operator keyword
               +  range
                  +  end (number | keyword)
                  +  start (number | keyword)
               +  value (number | keyword)
            +  tcp-flags string
         -  tcam-entries number
   +  ipv6-filter
      +  entry sequence-id number
         +  action
            +  accept
            +  copy
         +  description string
         +  match
            +  destination-ip
               +  address string
               +  mask string
               +  prefix string
            +  destination-port
               +  operator keyword
               +  range
                  +  end (number | keyword)
                  +  start (number | keyword)
               +  value (number | keyword)
            +  icmp6
               +  code number
               +  type (number | keyword)
            +  next-header (number | keyword)
            +  source-ip
               +  address string
               +  mask string
               +  prefix string
            +  source-port
               +  operator keyword
               +  range
                  +  end (number | keyword)
                  +  start (number | keyword)
               +  value (number | keyword)
            +  tcp-flags string
         -  tcam-entries number
+  cpm-filter
   +  ipv4-filter
      +  entry sequence-id number
         +  action
            +  accept
               +  log boolean
               +  rate-limit
                  +  distributed-policer reference
                  +  system-cpu-policer reference
            +  drop
               +  log boolean
         +  description string
         +  match
            +  destination-ip
               +  address string
               +  mask string
               +  prefix string
            +  destination-port
               +  operator keyword
               +  range
                  +  end (number | keyword)
                  +  start (number | keyword)
               +  value (number | keyword)
            +  first-fragment boolean
            +  fragment boolean
            +  icmp
               +  code number
               +  type (number | keyword)
            +  protocol (number | keyword)
            +  source-ip
               +  address string
               +  mask string
               +  prefix string
            +  source-port
               +  operator keyword
               +  range
                  +  end (number | keyword)
                  +  start (number | keyword)
               +  value (number | keyword)
            +  tcp-flags string
         -  statistics
            -  distributed-policer
               -  conforming-octets number
               -  conforming-packets number
               -  exceeding-octets number
               -  exceeding-packets number
            -  last-clear string
            -  last-match string
            -  matched-packets number
            -  system-cpu-policer
               -  conforming-octets number
               -  conforming-packets number
               -  exceeding-octets number
               -  exceeding-packets number
         -  tcam-entries number
      -  last-clear string
      +  statistics-per-entry boolean
   +  ipv6-filter
      +  entry sequence-id number
         +  action
            +  accept
               +  log boolean
               +  rate-limit
                  +  distributed-policer reference
                  +  system-cpu-policer reference
            +  drop
               +  log boolean
         +  description string
         +  match
            +  destination-ip
               +  address string
               +  mask string
               +  prefix string
            +  destination-port
               +  operator keyword
               +  range
                  +  end (number | keyword)
                  +  start (number | keyword)
               +  value (number | keyword)
            +  icmp6
               +  code number
               +  type (number | keyword)
            +  next-header (number | keyword)
            +  source-ip
               +  address string
               +  mask string
               +  prefix string
            +  source-port
               +  operator keyword
               +  range
                  +  end (number | keyword)
                  +  start (number | keyword)
               +  value (number | keyword)
            +  tcp-flags string
         -  statistics
            -  distributed-policer
               -  conforming-octets number
               -  conforming-packets number
               -  exceeding-octets number
               -  exceeding-packets number
            -  last-clear string
            -  last-match string
            -  matched-packets number
            -  system-cpu-policer
               -  conforming-octets number
               -  conforming-packets number
               -  exceeding-octets number
               -  exceeding-packets number
         -  tcam-entries number
      -  last-clear string
      +  statistics-per-entry boolean
+  ipv4-filter name string
   +  description string
   +  entry sequence-id number
      +  action
         +  accept
            +  log boolean
         +  drop
            +  log boolean
      +  description string
      +  match
         +  destination-ip
            +  address string
            +  mask string
            +  prefix string
         +  destination-port
            +  operator keyword
            +  range
               +  end (number | keyword)
               +  start (number | keyword)
            +  value (number | keyword)
         +  first-fragment boolean
         +  fragment boolean
         +  icmp
            +  code number
            +  type (number | keyword)
         +  protocol (number | keyword)
         +  source-ip
            +  address string
            +  mask string
            +  prefix string
         +  source-port
            +  operator keyword
            +  range
               +  end (number | keyword)
               +  start (number | keyword)
            +  value (number | keyword)
         +  tcp-flags string
      -  statistics
         -  aggregate
            -  in-last-match string
            -  in-matched-packets number
            -  out-last-match string
            -  out-matched-packets number
         -  last-clear string
         -  per-interface
            -  subinterface name string
               -  in-last-match string
               -  in-matched-packets number
               -  last-clear string
               -  out-last-match string
               -  out-matched-packets number
      -  tcam-entries
         -  linecard slot number
            -  input-total number
            -  output-total number
            -  single-instance number
   -  last-clear string
   -  statistics
   +  statistics-per-entry boolean
   +  subinterface-specific keyword
+  ipv6-filter name string
   +  description string
   +  entry sequence-id number
      +  action
         +  accept
            +  log boolean
         +  drop
            +  log boolean
      +  description string
      +  match
         +  destination-ip
            +  address string
            +  mask string
            +  prefix string
         +  destination-port
            +  operator keyword
            +  range
               +  end (number | keyword)
               +  start (number | keyword)
            +  value (number | keyword)
         +  icmp6
            +  code number
            +  type (number | keyword)
         +  next-header (number | keyword)
         +  source-ip
            +  address string
            +  mask string
            +  prefix string
         +  source-port
            +  operator keyword
            +  range
               +  end (number | keyword)
               +  start (number | keyword)
            +  value (number | keyword)
         +  tcp-flags string
      -  statistics
         -  aggregate
            -  in-last-match string
            -  in-matched-packets number
            -  out-last-match string
            -  out-matched-packets number
         -  last-clear string
         -  per-interface
            -  subinterface name string
               -  in-last-match string
               -  in-matched-packets number
               -  last-clear string
               -  out-last-match string
               -  out-matched-packets number
      -  tcam-entries
         -  linecard slot number
            -  input-total number
            -  output-total number
            -  single-instance number
   -  last-clear string
   -  statistics
   +  statistics-per-entry boolean
   +  subinterface-specific keyword
+  policers
   +  policer name string
      +  entry-specific boolean
      +  max-burst number
      +  peak-rate number
      -  statistics
         -  conforming-octets number
         -  conforming-packets number
         -  exceeding-octets number
         -  exceeding-packets number
         -  last-clear string
   +  system-cpu-policer name string
      +  entry-specific boolean
      +  max-packet-burst number
      +  peak-packet-rate number
      -  statistics
         -  conforming-octets number
         -  conforming-packets number
         -  exceeding-octets number
         -  exceeding-packets number
         -  last-clear string
+  system-filter
   +  ipv4-filter
      +  entry sequence-id number
         +  action
            +  accept
            +  drop
               +  log boolean
         +  description string
         +  match
            +  destination-ip
               +  address string
               +  mask string
               +  prefix string
            +  destination-port
               +  operator keyword
               +  range
                  +  end (number | keyword)
                  +  start (number | keyword)
               +  value (number | keyword)
            +  first-fragment boolean
            +  fragment boolean
            +  icmp
               +  code number
               +  type (number | keyword)
            +  protocol (number | keyword)
            +  source-ip
               +  address string
               +  mask string
               +  prefix string
            +  source-port
               +  operator keyword
               +  range
                  +  end (number | keyword)
                  +  start (number | keyword)
               +  value (number | keyword)
            +  tcp-flags string
         -  statistics
            -  last-clear string
            -  last-match string
            -  matched-packets number
         -  tcam-entries number
      -  last-clear string
   +  ipv6-filter
      +  entry sequence-id number
         +  action
            +  accept
            +  drop
               +  log boolean
         +  description string
         +  match
            +  destination-ip
               +  address string
               +  mask string
               +  prefix string
            +  destination-port
               +  operator keyword
               +  range
                  +  end (number | keyword)
                  +  start (number | keyword)
               +  value (number | keyword)
            +  icmp6
               +  code number
               +  type (number | keyword)
            +  next-header (number | keyword)
            +  source-ip
               +  address string
               +  mask string
               +  prefix string
            +  source-port
               +  operator keyword
               +  range
                  +  end (number | keyword)
                  +  start (number | keyword)
               +  value (number | keyword)
            +  tcp-flags string
         -  statistics
            -  last-clear string
            -  last-match string
            -  matched-packets number
         -  tcam-entries number
      -  last-clear string
+  tcam-profile keyword

acl Descriptions

acl

Description Top level container for configuration and operational state related to access control lists (ACLs)
Contextacl
Treeacl
ConfigurableTrue

sequence-id number

Description A number to indicate the relative evaluation order of the different entries; lower numbered entries are evaluated before higher numbered entries
Contextacl capture-filter ipv4-filter entry sequence-id number
Range1 to 65535
ConfigurableTrue

end (number | keyword)

Description The ending port number to include in the range
Contextacl capture-filter ipv4-filter entry sequence-id number match destination-port range end (number | keyword)
Treeend
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

start (number | keyword)

Description The starting port number to include in the range
Contextacl capture-filter ipv4-filter entry sequence-id number match destination-port range start (number | keyword)
Treestart
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

value (number | keyword)

Description A destination port number
Context acl capture-filter ipv4-filter entry sequence-id number match destination-port value (number | keyword)
Treevalue
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

first-fragment boolean

Description

Match the first fragment of an IPv4 datagram

A packet matches the true condition if the IPv4 header indicates that the fragment-offset is zero and and the more-fragments bit is 1. It is not valid to configure this leaf without configuring a match value for the fragment leaf.

Contextacl capture-filter ipv4-filter entry sequence-id number match first-fragment boolean
Treefirst-fragment
ConfigurableTrue

fragment boolean

Description

Match an IPv4 fragment

A packet matches the true condition if the IPv4 header indicates that the fragment-offset is zero and and the more-fragments bit is 1 or if the IPv4 header indicates that the fragment-offset is greater than 0. A packet matches the false condition if it is unfragmented.

Contextacl capture-filter ipv4-filter entry sequence-id number match fragment boolean
Treefragment
ConfigurableTrue

icmp

Description

A packet matches this condition if its ICMP type and code matches one of the specified combinations

The rule should also have a condition that the IP protocol equals 1 (ICMP) in order for this to be interpreted correctly.

Contextacl capture-filter ipv4-filter entry sequence-id number match icmp
Treeicmp
ConfigurableTrue

type (number | keyword)

Description Match a single ICMP type value.
Context acl capture-filter ipv4-filter entry sequence-id number match icmp type (number | keyword)
Treetype
Range0 to 255
Options
  • echo-reply

    ICMP Echo Reply

  • dest-unreachable

    ICMP Destination Unreachable

  • source-quench

    ICMP Source Quench

  • redirect

    ICMP Redirect

  • echo

    ICMP Echo

  • router-advertise

    ICMP Router Advertisement

  • router-solicit

    ICMP Router Solicitation

  • time-exceeded

    ICMP Time Exceeded

  • param-problem

    ICMP Parameter Problem

  • timestamp

    ICMP Timestamp

  • timestamp-reply

    ICMP Timestamp Reply

Configurable True

protocol (number | keyword)

Description An IPv4 packet matches this condition if its IP protocol type field matches the specified value
Contextacl capture-filter ipv4-filter entry sequence-id number match protocol (number | keyword)
Treeprotocol
Range0 to 255
Options
  • ipv6-hop

    IPv6 hop-by-hop option

  • icmp

    Internet Control Message Protocol

  • igmp

    Internet Group Management Protocol

  • ggp

    Gateway-to-Gateway Protocol

  • ipv4

    IPv4 encapsulation

  • st

    Stream Protocol

  • tcp

    Transmission Control Protocol

  • egp

    Exterior Gateway Protocol

  • igp

    Interior Gateway Protocol

  • udp

    User Datagram Protocol

  • ipv6

    IPv6 encapsulation

  • idrp

    Inter-Domain Routing Protocol

  • rsvp

    Resource Reservation Protocol

  • gre

    Generic Routing Encapsulation

  • esp

    IPSec Encapsulating Security Payload

  • ah

    IPSec Authentication Header

  • icmp6

    IPSec Authentication Header

  • no-next-hdr

    No Next Header for IPv6

  • ipv6-dest-opts

    Destination Options for IPv6

  • eigrp

    Cisco EIGRP

  • pim

    Protocol Independent Multicast

  • vrrp

    Virtual Router Redundancy Protocol

  • l2tp

    Layer Two Tunneling Protocol

  • sctp

    Stream Control Transmission Protocol

  • mpls-in-ip

    MPLS Encapsulation inside IP

  • rohc

    Robust Header Compression

ConfigurableTrue

source-port

Description

A packet matches this condition if its source TCP or UDP port number matches the value or range that is specified

The rule should also have a condition that the IP protocol equals 6 (TCP) or 17 (UDP) in order for this to be interpreted correctly.

Contextacl capture-filter ipv4-filter entry sequence-id number match source-port
Treesource-port
ConfigurableTrue

end (number | keyword)

Description The ending port number to include in the range
Contextacl capture-filter ipv4-filter entry sequence-id number match source-port range end (number | keyword)
Treeend
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

start (number | keyword)

Description The starting port number to include in the range
Contextacl capture-filter ipv4-filter entry sequence-id number match source-port range start (number | keyword)
Treestart
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

value (number | keyword)

Description A source port number
Context acl capture-filter ipv4-filter entry sequence-id number match source-port value (number | keyword)
Treevalue
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

sequence-id number

Description A number to indicate the relative evaluation order of the different entries; lower numbered entries are evaluated before higher numbered entries
Contextacl capture-filter ipv6-filter entry sequence-id number
Range1 to 65535
ConfigurableTrue

end (number | keyword)

Description The ending port number to include in the range
Contextacl capture-filter ipv6-filter entry sequence-id number match destination-port range end (number | keyword)
Treeend
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

start (number | keyword)

Description The starting port number to include in the range
Contextacl capture-filter ipv6-filter entry sequence-id number match destination-port range start (number | keyword)
Treestart
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

value (number | keyword)

Description A destination port number
Context acl capture-filter ipv6-filter entry sequence-id number match destination-port value (number | keyword)
Treevalue
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

icmp6

Description

A packet matches this condition if its ICMPv6 type and code matches one of the specified combinations

The rule should also have a condition that the next-header value equals 58 (ICMPv6) in order for this to be interpreted correctly.

Contextacl capture-filter ipv6-filter entry sequence-id number match icmp6
Treeicmp6
ConfigurableTrue

type (number | keyword)

Description Match a single ICMPv6 type value
Context acl capture-filter ipv6-filter entry sequence-id number match icmp6 type (number | keyword)
Treetype
Range0 to 255
Options
  • dest-unreachable

    ICMPv6 Destination Unreachable

  • packet-too-big

    ICMPv6 Packet Too Big

  • time-exceeded

    ICMPv6 Time Exceeded

  • param-problem

    Parameter Problem

  • echo-request

    ICMPv6 Echo Request

  • echo-reply

    ICMPv6 Echo Reply

  • mld-query

    Multicast Listener Discovery Query

  • mld-report

    Multicast Listener Discovery Report

  • mld-done

    Multicast Listener Discovery Done

  • router-solicit

    ICMPv6 Router Solicitation

  • router-advertise

    ICMPv6 Router Advertisement

  • neighbor-solicit

    ICMPv6 Neighbor Solicitation

  • neighbor-advertise

    ICMPv6 Neighbor Advertisement

  • redirect

    ICMPv6 Redirect

  • router-renumber

    ICMPv6 Router Renumbering

  • node-info-query

    ICMPv6 Node Information Query

  • node-info-response

    ICMPv6 Node Information Response

  • mld-v2

    Multicast Listener Discovery Version 2

  • mcast-rtr-adv

    Multicast Router Advertisement

  • mcast-rtr-solicit

    Multicast Router Solicitation

  • mcast-rtr-term

    Multicast Router Termination

ConfigurableTrue

next-header (number | keyword)

Description An IPv6 packet matches this condition if its first next-header field (in the IPv6 fixed header) contains the specified value
Contextacl capture-filter ipv6-filter entry sequence-id number match next-header (number | keyword)
Treenext-header
Range0 to 255
Options
  • ipv6-hop

    IPv6 hop-by-hop option

  • icmp

    Internet Control Message Protocol

  • igmp

    Internet Group Management Protocol

  • ggp

    Gateway-to-Gateway Protocol

  • ipv4

    IPv4 encapsulation

  • st

    Stream Protocol

  • tcp

    Transmission Control Protocol

  • egp

    Exterior Gateway Protocol

  • igp

    Interior Gateway Protocol

  • udp

    User Datagram Protocol

  • ipv6

    IPv6 encapsulation

  • idrp

    Inter-Domain Routing Protocol

  • rsvp

    Resource Reservation Protocol

  • gre

    Generic Routing Encapsulation

  • esp

    IPSec Encapsulating Security Payload

  • ah

    IPSec Authentication Header

  • icmp6

    IPSec Authentication Header

  • no-next-hdr

    No Next Header for IPv6

  • ipv6-dest-opts

    Destination Options for IPv6

  • eigrp

    Cisco EIGRP

  • pim

    Protocol Independent Multicast

  • vrrp

    Virtual Router Redundancy Protocol

  • l2tp

    Layer Two Tunneling Protocol

  • sctp

    Stream Control Transmission Protocol

  • mpls-in-ip

    MPLS Encapsulation inside IP

  • rohc

    Robust Header Compression

ConfigurableTrue

source-port

Description

A packet matches this condition if its source TCP or UDP port number matches the value or range that is specified

The rule should also have a condition that the IP protocol equals 6 (TCP) or 17 (UDP) in order for this to be interpreted correctly.

Contextacl capture-filter ipv6-filter entry sequence-id number match source-port
Treesource-port
ConfigurableTrue

end (number | keyword)

Description The ending port number to include in the range
Contextacl capture-filter ipv6-filter entry sequence-id number match source-port range end (number | keyword)
Treeend
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

start (number | keyword)

Description The starting port number to include in the range
Contextacl capture-filter ipv6-filter entry sequence-id number match source-port range start (number | keyword)
Treestart
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

value (number | keyword)

Description A source port number
Context acl capture-filter ipv6-filter entry sequence-id number match source-port value (number | keyword)
Treevalue
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

sequence-id number

Description A number to indicate the relative evaluation order of the different entries; lower numbered entries are evaluated before higher numbered entries
Contextacl cpm-filter ipv4-filter entry sequence-id number
Range1 to 65535
ConfigurableTrue

log boolean

Note:

This command is available for the following platforms:

  • 7250 IXR-6

  • 7250 IXR-10

Description

When this is true, a log is created for each packet matching the entry

The log entry contains the following information:

['timestamp', 'filter name', 'filter entry sequence-id', 'incoming linecard', 'action: accept', 'IP protocol', 'packet-length', 'source-IP', 'source-port (TCP/UDP packets)', 'dest-IP', 'dest-port (TCP/UDP packets)', 'icmp-type (ICMP packets)', 'icmp-code (ICMP packets)']

Contextacl cpm-filter ipv4-filter entry sequence-id number action accept log boolean
Treelog
Defaultfalse
ConfigurableTrue

log boolean

Description

When this is true, a log is created for each packet matching the entry

The log entry contains the following information:

['timestamp', 'filter name', 'filter entry sequence-id', 'incoming linecard', 'action: drop', 'IP protocol', 'packet-length', 'source-IP', 'source-port (TCP/UDP packets)', 'dest-IP', 'dest-port (TCP/UDP packets)', 'icmp-type (ICMP packets)', 'icmp-code (ICMP packets)']

Contextacl cpm-filter ipv4-filter entry sequence-id number action drop log boolean
Treelog
Defaultfalse
ConfigurableTrue

destination-port

Description

A packet matches this condition if its destination TCP or UDP port number matches the value or range that is specified

The rule should also have a condition that the IP protocol equals 6 (TCP) or 17 (UDP) in order for this to be interpreted correctly.

Contextacl cpm-filter ipv4-filter entry sequence-id number match destination-port
Treedestination-port
ConfigurableTrue

end (number | keyword)

Description The ending port number to include in the range
Contextacl cpm-filter ipv4-filter entry sequence-id number match destination-port range end (number | keyword)
Treeend
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

start (number | keyword)

Description The starting port number to include in the range
Contextacl cpm-filter ipv4-filter entry sequence-id number match destination-port range start (number | keyword)
Treestart
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

value (number | keyword)

Description A destination port number
Context acl cpm-filter ipv4-filter entry sequence-id number match destination-port value (number | keyword)
Treevalue
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

first-fragment boolean

Description

Match the first fragment of an IPv4 datagram

A packet matches the true condition if the IPv4 header indicates that the fragment-offset is zero and and the more-fragments bit is 1. It is not valid to configure this leaf without configuring a match value for the fragment leaf.

Contextacl cpm-filter ipv4-filter entry sequence-id number match first-fragment boolean
Treefirst-fragment
ConfigurableTrue

fragment boolean

Description

Match an IPv4 fragment

A packet matches the true condition if the IPv4 header indicates that the fragment-offset is zero and and the more-fragments bit is 1 or if the IPv4 header indicates that the fragment-offset is greater than 0. A packet matches the false condition if it is unfragmented.

Contextacl cpm-filter ipv4-filter entry sequence-id number match fragment boolean
Treefragment
ConfigurableTrue

icmp

Description

A packet matches this condition if its ICMP type and code matches one of the specified combinations

The rule should also have a condition that the IP protocol equals 1 (ICMP) in order for this to be interpreted correctly.

Contextacl cpm-filter ipv4-filter entry sequence-id number match icmp
Treeicmp
ConfigurableTrue

type (number | keyword)

Description Match a single ICMP type value.
Context acl cpm-filter ipv4-filter entry sequence-id number match icmp type (number | keyword)
Treetype
Range0 to 255
Options
  • echo-reply

    ICMP Echo Reply

  • dest-unreachable

    ICMP Destination Unreachable

  • source-quench

    ICMP Source Quench

  • redirect

    ICMP Redirect

  • echo

    ICMP Echo

  • router-advertise

    ICMP Router Advertisement

  • router-solicit

    ICMP Router Solicitation

  • time-exceeded

    ICMP Time Exceeded

  • param-problem

    ICMP Parameter Problem

  • timestamp

    ICMP Timestamp

  • timestamp-reply

    ICMP Timestamp Reply

Configurable True

protocol (number | keyword)

Description An IPv4 packet matches this condition if its IP protocol type field matches the specified value
Contextacl cpm-filter ipv4-filter entry sequence-id number match protocol (number | keyword)
Treeprotocol
Range0 to 255
Options
  • ipv6-hop

    IPv6 hop-by-hop option

  • icmp

    Internet Control Message Protocol

  • igmp

    Internet Group Management Protocol

  • ggp

    Gateway-to-Gateway Protocol

  • ipv4

    IPv4 encapsulation

  • st

    Stream Protocol

  • tcp

    Transmission Control Protocol

  • egp

    Exterior Gateway Protocol

  • igp

    Interior Gateway Protocol

  • udp

    User Datagram Protocol

  • ipv6

    IPv6 encapsulation

  • idrp

    Inter-Domain Routing Protocol

  • rsvp

    Resource Reservation Protocol

  • gre

    Generic Routing Encapsulation

  • esp

    IPSec Encapsulating Security Payload

  • ah

    IPSec Authentication Header

  • icmp6

    IPSec Authentication Header

  • no-next-hdr

    No Next Header for IPv6

  • ipv6-dest-opts

    Destination Options for IPv6

  • eigrp

    Cisco EIGRP

  • pim

    Protocol Independent Multicast

  • vrrp

    Virtual Router Redundancy Protocol

  • l2tp

    Layer Two Tunneling Protocol

  • sctp

    Stream Control Transmission Protocol

  • mpls-in-ip

    MPLS Encapsulation inside IP

  • rohc

    Robust Header Compression

ConfigurableTrue

source-port

Description

A packet matches this condition if its source TCP or UDP port number matches the value or range that is specified

The rule should also have a condition that the IP protocol equals 6 (TCP) or 17 (UDP) in order for this to be interpreted correctly.

Contextacl cpm-filter ipv4-filter entry sequence-id number match source-port
Treesource-port
ConfigurableTrue

end (number | keyword)

Description The ending port number to include in the range
Contextacl cpm-filter ipv4-filter entry sequence-id number match source-port range end (number | keyword)
Treeend
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

start (number | keyword)

Description The starting port number to include in the range
Contextacl cpm-filter ipv4-filter entry sequence-id number match source-port range start (number | keyword)
Treestart
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

value (number | keyword)

Description A source port number
Context acl cpm-filter ipv4-filter entry sequence-id number match source-port value (number | keyword)
Treevalue
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

sequence-id number

Description A number to indicate the relative evaluation order of the different entries; lower numbered entries are evaluated before higher numbered entries
Contextacl cpm-filter ipv6-filter entry sequence-id number
Range1 to 65535
ConfigurableTrue

log boolean

Note:

This command is available for the following platforms:

  • 7250 IXR-6

  • 7250 IXR-10

Description

When this is true, a log is created for each packet matching the entry

The log entry contains the following information:

['timestamp', 'filter name', 'filter entry sequence-id', 'incoming linecard', 'action: accept', 'IP protocol', 'packet-length', 'source-IP', 'source-port (TCP/UDP packets)', 'dest-IP', 'dest-port (TCP/UDP packets)', 'icmp-type (ICMP packets)', 'icmp-code (ICMP packets)']

Contextacl cpm-filter ipv6-filter entry sequence-id number action accept log boolean
Treelog
Defaultfalse
ConfigurableTrue

log boolean

Description

When this is true, a log is created for each packet matching the entry

The log entry contains the following information:

['timestamp', 'filter name', 'filter entry sequence-id', 'incoming linecard', 'action: drop', 'IP protocol', 'packet-length', 'source-IP', 'source-port (TCP/UDP packets)', 'dest-IP', 'dest-port (TCP/UDP packets)', 'icmp-type (ICMP packets)', 'icmp-code (ICMP packets)']

Contextacl cpm-filter ipv6-filter entry sequence-id number action drop log boolean
Treelog
Defaultfalse
ConfigurableTrue

destination-port

Description

A packet matches this condition if its destination TCP or UDP port number matches the value or range that is specified

The rule should also have a condition that the IP protocol equals 6 (TCP) or 17 (UDP) in order for this to be interpreted correctly.

Contextacl cpm-filter ipv6-filter entry sequence-id number match destination-port
Treedestination-port
ConfigurableTrue

end (number | keyword)

Description The ending port number to include in the range
Contextacl cpm-filter ipv6-filter entry sequence-id number match destination-port range end (number | keyword)
Treeend
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

start (number | keyword)

Description The starting port number to include in the range
Contextacl cpm-filter ipv6-filter entry sequence-id number match destination-port range start (number | keyword)
Treestart
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

value (number | keyword)

Description A destination port number
Context acl cpm-filter ipv6-filter entry sequence-id number match destination-port value (number | keyword)
Treevalue
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

icmp6

Description

A packet matches this condition if its ICMPv6 type and code matches one of the specified combinations

The rule should also have a condition that the next-header value equals 58 (ICMPv6) in order for this to be interpreted correctly.

Contextacl cpm-filter ipv6-filter entry sequence-id number match icmp6
Treeicmp6
ConfigurableTrue

type (number | keyword)

Description Match a single ICMPv6 type value
Context acl cpm-filter ipv6-filter entry sequence-id number match icmp6 type (number | keyword)
Treetype
Range0 to 255
Options
  • dest-unreachable

    ICMPv6 Destination Unreachable

  • packet-too-big

    ICMPv6 Packet Too Big

  • time-exceeded

    ICMPv6 Time Exceeded

  • param-problem

    Parameter Problem

  • echo-request

    ICMPv6 Echo Request

  • echo-reply

    ICMPv6 Echo Reply

  • mld-query

    Multicast Listener Discovery Query

  • mld-report

    Multicast Listener Discovery Report

  • mld-done

    Multicast Listener Discovery Done

  • router-solicit

    ICMPv6 Router Solicitation

  • router-advertise

    ICMPv6 Router Advertisement

  • neighbor-solicit

    ICMPv6 Neighbor Solicitation

  • neighbor-advertise

    ICMPv6 Neighbor Advertisement

  • redirect

    ICMPv6 Redirect

  • router-renumber

    ICMPv6 Router Renumbering

  • node-info-query

    ICMPv6 Node Information Query

  • node-info-response

    ICMPv6 Node Information Response

  • mld-v2

    Multicast Listener Discovery Version 2

  • mcast-rtr-adv

    Multicast Router Advertisement

  • mcast-rtr-solicit

    Multicast Router Solicitation

  • mcast-rtr-term

    Multicast Router Termination

ConfigurableTrue

next-header (number | keyword)

Description An IPv6 packet matches this condition if its first next-header field (in the IPv6 fixed header) contains the specified value
Contextacl cpm-filter ipv6-filter entry sequence-id number match next-header (number | keyword)
Treenext-header
Range0 to 255
Options
  • ipv6-hop

    IPv6 hop-by-hop option

  • icmp

    Internet Control Message Protocol

  • igmp

    Internet Group Management Protocol

  • ggp

    Gateway-to-Gateway Protocol

  • ipv4

    IPv4 encapsulation

  • st

    Stream Protocol

  • tcp

    Transmission Control Protocol

  • egp

    Exterior Gateway Protocol

  • igp

    Interior Gateway Protocol

  • udp

    User Datagram Protocol

  • ipv6

    IPv6 encapsulation

  • idrp

    Inter-Domain Routing Protocol

  • rsvp

    Resource Reservation Protocol

  • gre

    Generic Routing Encapsulation

  • esp

    IPSec Encapsulating Security Payload

  • ah

    IPSec Authentication Header

  • icmp6

    IPSec Authentication Header

  • no-next-hdr

    No Next Header for IPv6

  • ipv6-dest-opts

    Destination Options for IPv6

  • eigrp

    Cisco EIGRP

  • pim

    Protocol Independent Multicast

  • vrrp

    Virtual Router Redundancy Protocol

  • l2tp

    Layer Two Tunneling Protocol

  • sctp

    Stream Control Transmission Protocol

  • mpls-in-ip

    MPLS Encapsulation inside IP

  • rohc

    Robust Header Compression

ConfigurableTrue

source-port

Description

A packet matches this condition if its source TCP or UDP port number matches the value or range that is specified

The rule should also have a condition that the IP protocol equals 6 (TCP) or 17 (UDP) in order for this to be interpreted correctly.

Contextacl cpm-filter ipv6-filter entry sequence-id number match source-port
Treesource-port
ConfigurableTrue

end (number | keyword)

Description The ending port number to include in the range
Contextacl cpm-filter ipv6-filter entry sequence-id number match source-port range end (number | keyword)
Treeend
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

start (number | keyword)

Description The starting port number to include in the range
Contextacl cpm-filter ipv6-filter entry sequence-id number match source-port range start (number | keyword)
Treestart
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

value (number | keyword)

Description A source port number
Context acl cpm-filter ipv6-filter entry sequence-id number match source-port value (number | keyword)
Treevalue
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

name string

Description Name of the IPv4 filter policy.
Context acl ipv4-filter name string
String Length1 to 255
ConfigurableTrue

sequence-id number

Description A number to indicate the relative evaluation order of the different entries; lower numbered entries are evaluated before higher numbered entries
Contextacl ipv4-filter name string entry sequence-id number
Range1 to 65535
ConfigurableTrue

log boolean

Note:

This command is available for the following platforms:

  • 7250 IXR-6

  • 7250 IXR-10

Description

When this is true, a log is created for each packet matching the entry

The log entry contains the following information:

['timestamp', 'filter name', 'filter entry sequence-id', 'incoming interface', 'action: accept', 'IP protocol', 'packet-length', 'source-IP', 'source-port (TCP/UDP packets)', 'dest-IP', 'dest-port (TCP/UDP packets)', 'icmp-type (ICMP packets)', 'icmp-code (ICMP packets)']

Contextacl ipv4-filter name string entry sequence-id number action accept log boolean
Treelog
Defaultfalse
ConfigurableTrue

log boolean

Description

When this is true, a log is created for each packet matching the entry

The log entry contains the following information:

['timestamp', 'filter name', 'filter entry sequence-id', 'incoming interface', 'action: drop', 'IP protocol', 'packet-length', 'source-IP', 'source-port (TCP/UDP packets)', 'dest-IP', 'dest-port (TCP/UDP packets)', 'icmp-type (ICMP packets)', 'icmp-code (ICMP packets)']

This action combination is not supported on Trident3 platforms when the filter is applied as an output (egress traffic) filter; no logs will be generated.

Contextacl ipv4-filter name string entry sequence-id number action drop log boolean
Treelog
Defaultfalse
ConfigurableTrue

destination-port

Description

A packet matches this condition if its destination TCP or UDP port number matches the value or range that is specified

The rule should also have a condition that the IP protocol equals 6 (TCP) or 17 (UDP) in order for this to be interpreted correctly.

Contextacl ipv4-filter name string entry sequence-id number match destination-port
Treedestination-port
ConfigurableTrue

end (number | keyword)

Description The ending port number to include in the range
Contextacl ipv4-filter name string entry sequence-id number match destination-port range end (number | keyword)
Treeend
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

start (number | keyword)

Description The starting port number to include in the range
Contextacl ipv4-filter name string entry sequence-id number match destination-port range start (number | keyword)
Treestart
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

value (number | keyword)

Description A destination port number
Context acl ipv4-filter name string entry sequence-id number match destination-port value (number | keyword)
Treevalue
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

first-fragment boolean

Description

Match the first fragment of an IPv4 datagram

A packet matches the true condition if the IPv4 header indicates that the fragment-offset is zero and and the more-fragments bit is 1. It is not valid to configure this leaf without configuring a match value for the fragment leaf.

Contextacl ipv4-filter name string entry sequence-id number match first-fragment boolean
Treefirst-fragment
ConfigurableTrue

fragment boolean

Description

Match an IPv4 fragment

A packet matches the true condition if the IPv4 header indicates that the fragment-offset is zero and and the more-fragments bit is 1 or if the IPv4 header indicates that the fragment-offset is greater than 0. A packet matches the false condition if it is unfragmented.

Contextacl ipv4-filter name string entry sequence-id number match fragment boolean
Treefragment
ConfigurableTrue

icmp

Description

A packet matches this condition if its ICMP type and code matches one of the specified combinations

The rule should also have a condition that the IP protocol equals 1 (ICMP) in order for this to be interpreted correctly.

Contextacl ipv4-filter name string entry sequence-id number match icmp
Treeicmp
ConfigurableTrue

type (number | keyword)

Description Match a single ICMP type value.
Context acl ipv4-filter name string entry sequence-id number match icmp type (number | keyword)
Treetype
Range0 to 255
Options
  • echo-reply

    ICMP Echo Reply

  • dest-unreachable

    ICMP Destination Unreachable

  • source-quench

    ICMP Source Quench

  • redirect

    ICMP Redirect

  • echo

    ICMP Echo

  • router-advertise

    ICMP Router Advertisement

  • router-solicit

    ICMP Router Solicitation

  • time-exceeded

    ICMP Time Exceeded

  • param-problem

    ICMP Parameter Problem

  • timestamp

    ICMP Timestamp

  • timestamp-reply

    ICMP Timestamp Reply

Configurable True

protocol (number | keyword)

Description An IPv4 packet matches this condition if its IP protocol type field matches the specified value
Contextacl ipv4-filter name string entry sequence-id number match protocol (number | keyword)
Treeprotocol
Range0 to 255
Options
  • ipv6-hop

    IPv6 hop-by-hop option

  • icmp

    Internet Control Message Protocol

  • igmp

    Internet Group Management Protocol

  • ggp

    Gateway-to-Gateway Protocol

  • ipv4

    IPv4 encapsulation

  • st

    Stream Protocol

  • tcp

    Transmission Control Protocol

  • egp

    Exterior Gateway Protocol

  • igp

    Interior Gateway Protocol

  • udp

    User Datagram Protocol

  • ipv6

    IPv6 encapsulation

  • idrp

    Inter-Domain Routing Protocol

  • rsvp

    Resource Reservation Protocol

  • gre

    Generic Routing Encapsulation

  • esp

    IPSec Encapsulating Security Payload

  • ah

    IPSec Authentication Header

  • icmp6

    IPSec Authentication Header

  • no-next-hdr

    No Next Header for IPv6

  • ipv6-dest-opts

    Destination Options for IPv6

  • eigrp

    Cisco EIGRP

  • pim

    Protocol Independent Multicast

  • vrrp

    Virtual Router Redundancy Protocol

  • l2tp

    Layer Two Tunneling Protocol

  • sctp

    Stream Control Transmission Protocol

  • mpls-in-ip

    MPLS Encapsulation inside IP

  • rohc

    Robust Header Compression

ConfigurableTrue

source-port

Description

A packet matches this condition if its source TCP or UDP port number matches the value or range that is specified

The rule should also have a condition that the IP protocol equals 6 (TCP) or 17 (UDP) in order for this to be interpreted correctly.

Contextacl ipv4-filter name string entry sequence-id number match source-port
Treesource-port
ConfigurableTrue

end (number | keyword)

Description The ending port number to include in the range
Contextacl ipv4-filter name string entry sequence-id number match source-port range end (number | keyword)
Treeend
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

start (number | keyword)

Description The starting port number to include in the range
Contextacl ipv4-filter name string entry sequence-id number match source-port range start (number | keyword)
Treestart
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

value (number | keyword)

Description A source port number
Context acl ipv4-filter name string entry sequence-id number match source-port value (number | keyword)
Treevalue
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

subinterface name string

Description

If subinterface-specific=disabled then this list is empty.

If subinterface-specific=input-only then this is the list of subinterfaces that apply the ACL as an input ACL

If subinterface-specific=output-only then this is the list of subinterfaces that apply the ACL as an output ACL.

If subinterface-specific=input-and-output then this is the list of subinterfaces that apply the ACL as an input ACL or an output ACL.

Contextacl ipv4-filter name string entry sequence-id number statistics per-interface subinterface name string
Treesubinterface
ConfigurableFalse

input-total number

Description

The number of TCAM entries required to implement this entry on all subinterfaces of this slot where the filter is applied to ingress traffic.

For example, if a single-instance of the entry takes 2 TCAM entries and the filter is an output-only subinterface-specific filter and the filter is applied to 5 subinterfaces on output and to 5 subinterfaces on input then input-total=2. If the entry is not applied to ingress traffic on any subinterfaces of this slot then input-total=0.

Contextacl ipv4-filter name string entry sequence-id number tcam-entries linecard slot number input-total number
Treeinput-total
ConfigurableFalse

output-total number

Description

The number of TCAM entries required to implement this entry on all subinterfaces of this slot where the filter is applied to egress traffic.

For example, if a single-instance of the entry takes 2 TCAM entries and the filter is an output-only subinterface-specific filter and the filter is applied to 5 subinterfaces on output and to 5 subinterfaces on input then output-total=10. If the entry is not applied to egress traffic on any subinterfaces of this slot then output-total=0.

Contextacl ipv4-filter name string entry sequence-id number tcam-entries linecard slot number output-total number
Treeoutput-total
ConfigurableFalse

single-instance number

Description

The number of TCAM entries required to implement this entry if it is applied to only one subinterface and one traffic direction specific to this slot.

This is non-zero even if the filter is not applied to any subinterfaces of this slot. It captures the effect of TCAM entry expansion to deal with port ranges, for example.

Contextacl ipv4-filter name string entry sequence-id number tcam-entries linecard slot number single-instance number
Treesingle-instance
ConfigurableFalse

last-clear string

Description Time of the last clear command performed by the user at this level
Contextacl ipv4-filter name string last-clear string
Treelast-clear
String Length20 to 32
ConfigurableFalse

subinterface-specific keyword

Description

Controls the instantiation of the filter when it is applied as an input or output ACL

disabled: all subinterfaces on a single linecard that reference the ACL as an input ACL use a shared filter instance, and all subinterfaces on a single linecard that reference the ACL as an output ACL use a shared filter instance

input-only: all subinterfaces on a single linecard that reference the ACL as an output ACL use a shared filter instance, but each subinterface that references the ACL as an input ACL uses its own separate instance of the filter

output-only: all subinterfaces on a single linecard that reference the ACL as an input ACL use a shared filter instance, but each subinterface that references the ACL as an output ACL uses its own separate instance of the filter

input-and-output: each subinterface that references the ACL as either an input ACL or an output ACL uses its own separate instance of the filter

Contextacl ipv4-filter name string subinterface-specific keyword
Treesubinterface-specific
Defaultdisabled
Options
  • disabled

  • input-only

  • output-only

  • input-and-output

ConfigurableTrue

name string

Description Name of the IPv6 filter policy.
Context acl ipv6-filter name string
String Length1 to 255
ConfigurableTrue

sequence-id number

Description A number to indicate the relative evaluation order of the different entries; lower numbered entries are evaluated before higher numbered entries.
Contextacl ipv6-filter name string entry sequence-id number
Range1 to 65535
ConfigurableTrue

log boolean

Note:

This command is available for the following platforms:

  • 7250 IXR-6

  • 7250 IXR-10

Description

When this is true, a log is created for each packet matching the entry

The log entry contains the following information:

['timestamp', 'filter name', 'filter entry sequence-id', 'incoming interface', 'action: accept', 'IP protocol', 'packet-length', 'source-IP', 'source-port (TCP/UDP packets)', 'dest-IP', 'dest-port (TCP/UDP packets)', 'icmp-type (ICMP packets)', 'icmp-code (ICMP packets)']

Contextacl ipv6-filter name string entry sequence-id number action accept log boolean
Treelog
Defaultfalse
ConfigurableTrue

log boolean

Description

When this is true, a log is created for each packet matching the entry

The log entry contains the following information:

['timestamp', 'filter name', 'filter entry sequence-id', 'incoming interface', 'action: drop', 'IP protocol', 'packet-length', 'source-IP', 'source-port (TCP/UDP packets)', 'dest-IP', 'dest-port (TCP/UDP packets)', 'icmp-type (ICMP packets)', 'icmp-code (ICMP packets)']

This action combination is not supported on Trident3 platforms when the filter is applied as an output (egress traffic) filter; no logs will be generated.

Contextacl ipv6-filter name string entry sequence-id number action drop log boolean
Treelog
Defaultfalse
ConfigurableTrue

destination-port

Description

A packet matches this condition if its destination TCP or UDP port number matches the value or range that is specified

The rule should also have a condition that the IP protocol equals 6 (TCP) or 17 (UDP) in order for this to be interpreted correctly.

Contextacl ipv6-filter name string entry sequence-id number match destination-port
Treedestination-port
ConfigurableTrue

end (number | keyword)

Description The ending port number to include in the range
Contextacl ipv6-filter name string entry sequence-id number match destination-port range end (number | keyword)
Treeend
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

start (number | keyword)

Description The starting port number to include in the range
Contextacl ipv6-filter name string entry sequence-id number match destination-port range start (number | keyword)
Treestart
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

value (number | keyword)

Description A destination port number
Context acl ipv6-filter name string entry sequence-id number match destination-port value (number | keyword)
Treevalue
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

icmp6

Description

A packet matches this condition if its ICMPv6 type and code matches one of the specified combinations

The rule should also have a condition that the next-header value equals 58 (ICMPv6) in order for this to be interpreted correctly.

Contextacl ipv6-filter name string entry sequence-id number match icmp6
Treeicmp6
ConfigurableTrue

type (number | keyword)

Description Match a single ICMPv6 type value
Context acl ipv6-filter name string entry sequence-id number match icmp6 type (number | keyword)
Treetype
Range0 to 255
Options
  • dest-unreachable

    ICMPv6 Destination Unreachable

  • packet-too-big

    ICMPv6 Packet Too Big

  • time-exceeded

    ICMPv6 Time Exceeded

  • param-problem

    Parameter Problem

  • echo-request

    ICMPv6 Echo Request

  • echo-reply

    ICMPv6 Echo Reply

  • mld-query

    Multicast Listener Discovery Query

  • mld-report

    Multicast Listener Discovery Report

  • mld-done

    Multicast Listener Discovery Done

  • router-solicit

    ICMPv6 Router Solicitation

  • router-advertise

    ICMPv6 Router Advertisement

  • neighbor-solicit

    ICMPv6 Neighbor Solicitation

  • neighbor-advertise

    ICMPv6 Neighbor Advertisement

  • redirect

    ICMPv6 Redirect

  • router-renumber

    ICMPv6 Router Renumbering

  • node-info-query

    ICMPv6 Node Information Query

  • node-info-response

    ICMPv6 Node Information Response

  • mld-v2

    Multicast Listener Discovery Version 2

  • mcast-rtr-adv

    Multicast Router Advertisement

  • mcast-rtr-solicit

    Multicast Router Solicitation

  • mcast-rtr-term

    Multicast Router Termination

ConfigurableTrue

next-header (number | keyword)

Description An IPv6 packet matches this condition if its first next-header field (in the IPv6 fixed header) contains the specified value
Contextacl ipv6-filter name string entry sequence-id number match next-header (number | keyword)
Treenext-header
Range0 to 255
Options
  • ipv6-hop

    IPv6 hop-by-hop option

  • icmp

    Internet Control Message Protocol

  • igmp

    Internet Group Management Protocol

  • ggp

    Gateway-to-Gateway Protocol

  • ipv4

    IPv4 encapsulation

  • st

    Stream Protocol

  • tcp

    Transmission Control Protocol

  • egp

    Exterior Gateway Protocol

  • igp

    Interior Gateway Protocol

  • udp

    User Datagram Protocol

  • ipv6

    IPv6 encapsulation

  • idrp

    Inter-Domain Routing Protocol

  • rsvp

    Resource Reservation Protocol

  • gre

    Generic Routing Encapsulation

  • esp

    IPSec Encapsulating Security Payload

  • ah

    IPSec Authentication Header

  • icmp6

    IPSec Authentication Header

  • no-next-hdr

    No Next Header for IPv6

  • ipv6-dest-opts

    Destination Options for IPv6

  • eigrp

    Cisco EIGRP

  • pim

    Protocol Independent Multicast

  • vrrp

    Virtual Router Redundancy Protocol

  • l2tp

    Layer Two Tunneling Protocol

  • sctp

    Stream Control Transmission Protocol

  • mpls-in-ip

    MPLS Encapsulation inside IP

  • rohc

    Robust Header Compression

ConfigurableTrue

source-port

Description

A packet matches this condition if its source TCP or UDP port number matches the value or range that is specified

The rule should also have a condition that the IP protocol equals 6 (TCP) or 17 (UDP) in order for this to be interpreted correctly.

Contextacl ipv6-filter name string entry sequence-id number match source-port
Treesource-port
ConfigurableTrue

end (number | keyword)

Description The ending port number to include in the range
Contextacl ipv6-filter name string entry sequence-id number match source-port range end (number | keyword)
Treeend
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

start (number | keyword)

Description The starting port number to include in the range
Contextacl ipv6-filter name string entry sequence-id number match source-port range start (number | keyword)
Treestart
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

value (number | keyword)

Description A source port number
Context acl ipv6-filter name string entry sequence-id number match source-port value (number | keyword)
Treevalue
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

subinterface name string

Description

If subinterface-specific=disabled then this list is empty.

If subinterface-specific=input-only then this is the list of subinterfaces that apply the ACL as an input ACL

If subinterface-specific=output-only then this is the list of subinterfaces that apply the ACL as an output ACL.

If subinterface-specific=input-and-output then this is the list of subinterfaces that apply the ACL as an input ACL or an output ACL.

Contextacl ipv6-filter name string entry sequence-id number statistics per-interface subinterface name string
Treesubinterface
ConfigurableFalse

input-total number

Description

The number of TCAM entries required to implement this entry on all subinterfaces of this slot where the filter is applied to ingress traffic.

For example, if a single-instance of the entry takes 2 TCAM entries and the filter is an output-only subinterface-specific filter and the filter is applied to 5 subinterfaces on output and to 5 subinterfaces on input then input-total=2. If the entry is not applied to ingress traffic on any subinterfaces of this slot then input-total=0.

Contextacl ipv6-filter name string entry sequence-id number tcam-entries linecard slot number input-total number
Treeinput-total
ConfigurableFalse

output-total number

Description

The number of TCAM entries required to implement this entry on all subinterfaces of this slot where the filter is applied to egress traffic.

For example, if a single-instance of the entry takes 2 TCAM entries and the filter is an output-only subinterface-specific filter and the filter is applied to 5 subinterfaces on output and to 5 subinterfaces on input then output-total=10. If the entry is not applied to egress traffic on any subinterfaces of this slot then output-total=0.

Contextacl ipv6-filter name string entry sequence-id number tcam-entries linecard slot number output-total number
Treeoutput-total
ConfigurableFalse

single-instance number

Description

The number of TCAM entries required to implement this entry if it is applied to only one subinterface and one traffic direction specific to this slot.

This is non-zero even if the filter is not applied to any subinterfaces of this slot. It captures the effect of TCAM entry expansion to deal with port ranges, for example.

Contextacl ipv6-filter name string entry sequence-id number tcam-entries linecard slot number single-instance number
Treesingle-instance
ConfigurableFalse

last-clear string

Description Time of the last clear command performed by the user at this level
Contextacl ipv6-filter name string last-clear string
Treelast-clear
String Length20 to 32
ConfigurableFalse

subinterface-specific keyword

Description

Controls the instantiation of the filter when it is applied as an input or output ACL

disabled: all subinterfaces on a single linecard that reference the ACL as an input ACL use a shared filter instance, and all subinterfaces on a single linecard that reference the ACL as an output ACL use a shared filter instance

input-only: all subinterfaces on a single linecard that reference the ACL as an output ACL use a shared filter instance, but each subinterface that references the ACL as an input ACL uses its own separate instance of the filter

output-only: all subinterfaces on a single linecard that reference the ACL as an input ACL use a shared filter instance, but each subinterface that references the ACL as an output ACL uses its own separate instance of the filter

input-and-output: each subinterface that references the ACL as either an input ACL or an output ACL uses its own separate instance of the filter

Contextacl ipv6-filter name string subinterface-specific keyword
Treesubinterface-specific
Defaultdisabled
Options
  • disabled

  • input-only

  • output-only

  • input-and-output

ConfigurableTrue

policers

Description Container for policer definitions used by ACL entries
Contextacl policers
Treepolicers
ConfigurableTrue

policer name string

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7250 IXR-10

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7250 IXR-6

  • 7220 IXR-D1

Description List of hardware policer templates. For each policer in this list one or more policer instances are implemented in the linecards of the system.
Contextacl policers policer name string
Treepolicer
ConfigurableTrue

name string

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7250 IXR-10

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7250 IXR-6

  • 7220 IXR-D1

Description User-defined name of the policer
Context acl policers policer name string
String Length1 to 255
ConfigurableTrue

entry-specific boolean

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7250 IXR-10

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7250 IXR-6

  • 7220 IXR-D1

Description

If set to false, only one policer instance is created from this template and it is shared by all entries of all cpm-filter ACLs that refer to this policer.

If set to true, multiple policer instances are created from this template, one for each cpm-filter entry that refers to the policer template.

Contextacl policers policer name string entry-specific boolean
Treeentry-specific
Defaultfalse
ConfigurableTrue

max-burst number

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7250 IXR-10

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7250 IXR-6

  • 7220 IXR-D1

Description The MBS bucket depth in bytes
Context acl policers policer name string max-burst number
Treemax-burst
Range1 to 125000000
Unitsbytes
ConfigurableTrue

peak-rate number

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7250 IXR-10

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7250 IXR-6

  • 7220 IXR-D1

Description The PIR rate in kbps (bucket empty/fill rate).
Contextacl policers policer name string peak-rate number
Treepeak-rate
Range1 to 1000000
Unitskbps
ConfigurableTrue

statistics

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7250 IXR-10

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7250 IXR-6

  • 7220 IXR-D1

Description

Container for linecard policer statistics

None of these statistics are populated if the policer is configured as entry-specific=true.

Contextacl policers policer name string statistics
Treestatistics
ConfigurableFalse

conforming-octets number

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7250 IXR-10

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7250 IXR-6

  • 7220 IXR-D1

Description The number of bytes that were considered conforming by the policer. The byte count includes 18 bytes of Ethernet overhead for every IP packet.
Contextacl policers policer name string statistics conforming-octets number
Treeconforming-octets
Default0
ConfigurableFalse

conforming-packets number

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7250 IXR-10

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7250 IXR-6

  • 7220 IXR-D1

Description The number of packets (actually Ethernet frames) that were considered conforming by the policer
Contextacl policers policer name string statistics conforming-packets number
Treeconforming-packets
Default0
ConfigurableFalse

exceeding-octets number

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7250 IXR-10

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7250 IXR-6

  • 7220 IXR-D1

Description The number of bytes that were considered exceeding by the policer. The byte count includes 18 bytes of Ethernet overhead for every IP packet.
Contextacl policers policer name string statistics exceeding-octets number
Treeexceeding-octets
Default0
ConfigurableFalse

exceeding-packets number

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7250 IXR-10

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7250 IXR-6

  • 7220 IXR-D1

Description The number of packets (actually Ethernet frames) that were considered exceeding by the policer
Contextacl policers policer name string statistics exceeding-packets number
Treeexceeding-packets
Default0
ConfigurableFalse

last-clear string

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7250 IXR-10

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7250 IXR-6

  • 7220 IXR-D1

Description Time of the last clear command that applied to these statistics
Contextacl policers policer name string statistics last-clear string
Treelast-clear
String Length20 to 32
ConfigurableFalse

system-cpu-policer name string

Description List of system CPU policer templates. For each policer in this list one or more policer instances are implemented in the XDP-CPM software and these policer instances process the aggregate of terminating traffic received from all linecards.
Contextacl policers system-cpu-policer name string
Treesystem-cpu-policer
ConfigurableTrue

entry-specific boolean

Description

If set to false, only one policer instance is created from this template and it is shared by all entries of all cpm-filter ACLs that refer to this policer.

If set to true, multiple policer instances are created from this template, one for each cpm-filter entry that refers to the policer template.

Contextacl policers system-cpu-policer name string entry-specific boolean
Treeentry-specific
Defaultfalse
ConfigurableTrue

system-filter

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionTop level container for System filters
Contextacl system-filter
Treesystem-filter
ConfigurableTrue

ipv4-filter

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionTop level container for System IPv4 filters
Contextacl system-filter ipv4-filter
Treeipv4-filter
ConfigurableTrue

sequence-id number

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionA number to indicate the relative evaluation order of the different entries; lower numbered entries are evaluated before higher numbered entries
Contextacl system-filter ipv4-filter entry sequence-id number
Range1 to 256
ConfigurableTrue

action

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionContainer for the actions to be applied to packets matching the System filter entry.
Contextacl system-filter ipv4-filter entry sequence-id number action
Treeaction
ConfigurableTrue

drop

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionDrop matching packets without sending any ICMP messages back to the source
Contextacl system-filter ipv4-filter entry sequence-id number action drop
Treedrop
ConfigurableTrue

log boolean

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

Description

When this is true, a log is created for each packet matching the entry

The log entry contains the following information:

['timestamp', 'filter name', 'filter entry sequence-id', 'action: drop', 'IP protocol', 'packet-length', 'source-IP', 'source-port (TCP/UDP packets)', 'dest-IP', 'dest-port (TCP/UDP packets)', 'icmp-type (ICMP packets)', 'icmp-code (ICMP packets)']

Contextacl system-filter ipv4-filter entry sequence-id number action drop log boolean
Treelog
Defaultfalse
ConfigurableTrue

description string

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionDescription string for the filter entry
Contextacl system-filter ipv4-filter entry sequence-id number description string
Treedescription
String Length1 to 255
ConfigurableTrue

match

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionContainer for the conditions that determine whether a packet matches this entry
Contextacl system-filter ipv4-filter entry sequence-id number match
Treematch
ConfigurableTrue

address string

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionMatch a packet if its destination IP address logically anded with the inverse of the mask equals this IP address.
Contextacl system-filter ipv4-filter entry sequence-id number match destination-ip address string
Treeaddress
ConfigurableTrue

mask string

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionMatch a packet if its destination IP address logically anded with the inverse of this mask equals the configured IP address.
Contextacl system-filter ipv4-filter entry sequence-id number match destination-ip mask string
Treemask
ConfigurableTrue

destination-port

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

Description

A packet matches this condition if its destination TCP or UDP port number matches the value or range that is specified

The rule should also have a condition that the IP protocol equals 6 (TCP) or 17 (UDP) in order for this to be interpreted correctly.

Contextacl system-filter ipv4-filter entry sequence-id number match destination-port
Treedestination-port
ConfigurableTrue

operator keyword

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

Description

Comparison operator

eq = equal ge = greater than or equal to le = less than or equal to

Contextacl system-filter ipv4-filter entry sequence-id number match destination-port operator keyword
Treeoperator
Options
  • le

    Less than or equal.

  • ge

    Greater than or equal.

  • eq

    Equal to.

ConfigurableTrue

end (number | keyword)

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionThe ending port number to include in the range
Contextacl system-filter ipv4-filter entry sequence-id number match destination-port range end (number | keyword)
Treeend
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

start (number | keyword)

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionThe starting port number to include in the range
Contextacl system-filter ipv4-filter entry sequence-id number match destination-port range start (number | keyword)
Treestart
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

value (number | keyword)

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionA destination port number
Contextacl system-filter ipv4-filter entry sequence-id number match destination-port value (number | keyword)
Treevalue
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

first-fragment boolean

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

Description

Match the first fragment of an IPv4 datagram

A packet matches the true condition if the IPv4 header indicates that the fragment-offset is zero and and the more-fragments bit is 1. It is not valid to configure this leaf without configuring a match value for the fragment leaf.

Contextacl system-filter ipv4-filter entry sequence-id number match first-fragment boolean
Treefirst-fragment
ConfigurableTrue

fragment boolean

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

Description

Match an IPv4 fragment

A packet matches the true condition if the IPv4 header indicates that the fragment-offset is zero and and the more-fragments bit is 1 or if the IPv4 header indicates that the fragment-offset is greater than 0. A packet matches the false condition if it is unfragmented.

Contextacl system-filter ipv4-filter entry sequence-id number match fragment boolean
Treefragment
ConfigurableTrue

icmp

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

Description

A packet matches this condition if its ICMP type and code matches one of the specified combinations

The rule should also have a condition that the IP protocol equals 1 (ICMP) in order for this to be interpreted correctly.

Contextacl system-filter ipv4-filter entry sequence-id number match icmp
Treeicmp
ConfigurableTrue

code number

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

Description

Match if the ICMP code value is any value in the list

Requires ICMP type to be specified because codes are type dependent.

Contextacl system-filter ipv4-filter entry sequence-id number match icmp code number
Treecode
ConfigurableTrue

type (number | keyword)

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionMatch a single ICMP type value.
Contextacl system-filter ipv4-filter entry sequence-id number match icmp type (number | keyword)
Treetype
Range0 to 255
Options
  • echo-reply

    ICMP Echo Reply

  • dest-unreachable

    ICMP Destination Unreachable

  • source-quench

    ICMP Source Quench

  • redirect

    ICMP Redirect

  • echo

    ICMP Echo

  • router-advertise

    ICMP Router Advertisement

  • router-solicit

    ICMP Router Solicitation

  • time-exceeded

    ICMP Time Exceeded

  • param-problem

    ICMP Parameter Problem

  • timestamp

    ICMP Timestamp

  • timestamp-reply

    ICMP Timestamp Reply

Configurable True

protocol (number | keyword)

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionAn IPv4 packet matches this condition if its IP protocol type field matches the specified value
Contextacl system-filter ipv4-filter entry sequence-id number match protocol (number | keyword)
Treeprotocol
Range0 to 255
Options
  • ipv6-hop

    IPv6 hop-by-hop option

  • icmp

    Internet Control Message Protocol

  • igmp

    Internet Group Management Protocol

  • ggp

    Gateway-to-Gateway Protocol

  • ipv4

    IPv4 encapsulation

  • st

    Stream Protocol

  • tcp

    Transmission Control Protocol

  • egp

    Exterior Gateway Protocol

  • igp

    Interior Gateway Protocol

  • udp

    User Datagram Protocol

  • ipv6

    IPv6 encapsulation

  • idrp

    Inter-Domain Routing Protocol

  • rsvp

    Resource Reservation Protocol

  • gre

    Generic Routing Encapsulation

  • esp

    IPSec Encapsulating Security Payload

  • ah

    IPSec Authentication Header

  • icmp6

    IPSec Authentication Header

  • no-next-hdr

    No Next Header for IPv6

  • ipv6-dest-opts

    Destination Options for IPv6

  • eigrp

    Cisco EIGRP

  • pim

    Protocol Independent Multicast

  • vrrp

    Virtual Router Redundancy Protocol

  • l2tp

    Layer Two Tunneling Protocol

  • sctp

    Stream Control Transmission Protocol

  • mpls-in-ip

    MPLS Encapsulation inside IP

  • rohc

    Robust Header Compression

ConfigurableTrue

address string

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionMatch a packet if its source IP address logically anded with the inverse of the mask equals this IP address.
Contextacl system-filter ipv4-filter entry sequence-id number match source-ip address string
Treeaddress
ConfigurableTrue

mask string

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionMatch a packet if its source IP address logically anded with the inverse of this mask equals the configured IP address.
Contextacl system-filter ipv4-filter entry sequence-id number match source-ip mask string
Treemask
ConfigurableTrue

source-port

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

Description

A packet matches this condition if its source TCP or UDP port number matches the value or range that is specified

The rule should also have a condition that the IP protocol equals 6 (TCP) or 17 (UDP) in order for this to be interpreted correctly.

Contextacl system-filter ipv4-filter entry sequence-id number match source-port
Treesource-port
ConfigurableTrue

operator keyword

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

Description

Comparison operator

eq = equal ge = greater than or equal to le = less than or equal to

Contextacl system-filter ipv4-filter entry sequence-id number match source-port operator keyword
Treeoperator
Options
  • le

    Less than or equal.

  • ge

    Greater than or equal.

  • eq

    Equal to.

ConfigurableTrue

end (number | keyword)

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionThe ending port number to include in the range
Contextacl system-filter ipv4-filter entry sequence-id number match source-port range end (number | keyword)
Treeend
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

start (number | keyword)

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionThe starting port number to include in the range
Contextacl system-filter ipv4-filter entry sequence-id number match source-port range start (number | keyword)
Treestart
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

value (number | keyword)

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionA source port number
Contextacl system-filter ipv4-filter entry sequence-id number match source-port value (number | keyword)
Treevalue
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

tcp-flags string

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionA logical expression using the &, | and ! logical operators and the TCP flag names: rst, syn and ack.
Contextacl system-filter ipv4-filter entry sequence-id number match tcp-flags string
Treetcp-flags
ConfigurableTrue

last-match string

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionThe elapsed time since a packet last matched the entry, considering all subinterfaces.
Contextacl system-filter ipv4-filter entry sequence-id number statistics last-match string
Treelast-match
String Length20 to 32
ConfigurableFalse

matched-packets number

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionThe number of packets matching the entry since it was programmed or since the last clear, summed across all subinterfaces
Contextacl system-filter ipv4-filter entry sequence-id number statistics matched-packets number
Treematched-packets
Default0
ConfigurableFalse

tcam-entries number

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionThe number of TCAM entries required to implement a single instance of this filter rule.
Contextacl system-filter ipv4-filter entry sequence-id number tcam-entries number
Treetcam-entries
ConfigurableFalse

last-clear string

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionTime of the last clear command performed by the user at this level
Contextacl system-filter ipv4-filter last-clear string
Treelast-clear
String Length20 to 32
ConfigurableFalse

ipv6-filter

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionTop level container for System IPv6 filters
Contextacl system-filter ipv6-filter
Treeipv6-filter
ConfigurableTrue

sequence-id number

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionA number to indicate the relative evaluation order of the different entries; lower numbered entries are evaluated before higher numbered entries
Contextacl system-filter ipv6-filter entry sequence-id number
Range1 to 128
ConfigurableTrue

action

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionContainer for the actions to be applied to packets matching the System filter entry.
Contextacl system-filter ipv6-filter entry sequence-id number action
Treeaction
ConfigurableTrue

drop

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionDrop matching packets without sending any ICMP messages back to the source
Contextacl system-filter ipv6-filter entry sequence-id number action drop
Treedrop
ConfigurableTrue

log boolean

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

Description

When this is true, a log is created for each packet matching the entry

The log entry contains the following information:

['timestamp', 'filter name', 'filter entry sequence-id', 'action: drop', 'IP protocol', 'packet-length', 'source-IP', 'source-port (TCP/UDP packets)', 'dest-IP', 'dest-port (TCP/UDP packets)', 'icmp-type (ICMP packets)', 'icmp-code (ICMP packets)']

Contextacl system-filter ipv6-filter entry sequence-id number action drop log boolean
Treelog
Defaultfalse
ConfigurableTrue

description string

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionDescription string for the filter entry
Contextacl system-filter ipv6-filter entry sequence-id number description string
Treedescription
String Length1 to 255
ConfigurableTrue

match

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionContainer for the conditions that determine whether a packet matches this entry
Contextacl system-filter ipv6-filter entry sequence-id number match
Treematch
ConfigurableTrue

address string

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionMatch a packet if its destination IP address logically anded with the inverse of the mask equals this IP address.
Contextacl system-filter ipv6-filter entry sequence-id number match destination-ip address string
Treeaddress
ConfigurableTrue

mask string

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionMatch a packet if its destination IP address logically anded with the inverse of this mask equals the configured IP address.
Contextacl system-filter ipv6-filter entry sequence-id number match destination-ip mask string
Treemask
ConfigurableTrue

destination-port

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

Description

A packet matches this condition if its destination TCP or UDP port number matches the value or range that is specified

The rule should also have a condition that the IP protocol equals 6 (TCP) or 17 (UDP) in order for this to be interpreted correctly.

Contextacl system-filter ipv6-filter entry sequence-id number match destination-port
Treedestination-port
ConfigurableTrue

operator keyword

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

Description

Comparison operator

eq = equal ge = greater than or equal to le = less than or equal to

Contextacl system-filter ipv6-filter entry sequence-id number match destination-port operator keyword
Treeoperator
Options
  • le

    Less than or equal.

  • ge

    Greater than or equal.

  • eq

    Equal to.

ConfigurableTrue

end (number | keyword)

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionThe ending port number to include in the range
Contextacl system-filter ipv6-filter entry sequence-id number match destination-port range end (number | keyword)
Treeend
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

start (number | keyword)

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionThe starting port number to include in the range
Contextacl system-filter ipv6-filter entry sequence-id number match destination-port range start (number | keyword)
Treestart
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

value (number | keyword)

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionA destination port number
Contextacl system-filter ipv6-filter entry sequence-id number match destination-port value (number | keyword)
Treevalue
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

icmp6

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

Description

A packet matches this condition if its ICMPv6 type and code matches one of the specified combinations

The rule should also have a condition that the next-header value equals 58 (ICMPv6) in order for this to be interpreted correctly.

Contextacl system-filter ipv6-filter entry sequence-id number match icmp6
Treeicmp6
ConfigurableTrue

code number

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

Description

Match if the ICMPv6 code value is any value in the list

Requires ICMPv6 type to be specified because codes are type dependent.

Contextacl system-filter ipv6-filter entry sequence-id number match icmp6 code number
Treecode
ConfigurableTrue

type (number | keyword)

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionMatch a single ICMPv6 type value
Contextacl system-filter ipv6-filter entry sequence-id number match icmp6 type (number | keyword)
Treetype
Range0 to 255
Options
  • dest-unreachable

    ICMPv6 Destination Unreachable

  • packet-too-big

    ICMPv6 Packet Too Big

  • time-exceeded

    ICMPv6 Time Exceeded

  • param-problem

    Parameter Problem

  • echo-request

    ICMPv6 Echo Request

  • echo-reply

    ICMPv6 Echo Reply

  • mld-query

    Multicast Listener Discovery Query

  • mld-report

    Multicast Listener Discovery Report

  • mld-done

    Multicast Listener Discovery Done

  • router-solicit

    ICMPv6 Router Solicitation

  • router-advertise

    ICMPv6 Router Advertisement

  • neighbor-solicit

    ICMPv6 Neighbor Solicitation

  • neighbor-advertise

    ICMPv6 Neighbor Advertisement

  • redirect

    ICMPv6 Redirect

  • router-renumber

    ICMPv6 Router Renumbering

  • node-info-query

    ICMPv6 Node Information Query

  • node-info-response

    ICMPv6 Node Information Response

  • mld-v2

    Multicast Listener Discovery Version 2

  • mcast-rtr-adv

    Multicast Router Advertisement

  • mcast-rtr-solicit

    Multicast Router Solicitation

  • mcast-rtr-term

    Multicast Router Termination

ConfigurableTrue

next-header (number | keyword)

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionAn IPv6 packet matches this condition if its first next-header field (in the IPv6 fixed header) contains the specified value
Contextacl system-filter ipv6-filter entry sequence-id number match next-header (number | keyword)
Treenext-header
Range0 to 255
Options
  • ipv6-hop

    IPv6 hop-by-hop option

  • icmp

    Internet Control Message Protocol

  • igmp

    Internet Group Management Protocol

  • ggp

    Gateway-to-Gateway Protocol

  • ipv4

    IPv4 encapsulation

  • st

    Stream Protocol

  • tcp

    Transmission Control Protocol

  • egp

    Exterior Gateway Protocol

  • igp

    Interior Gateway Protocol

  • udp

    User Datagram Protocol

  • ipv6

    IPv6 encapsulation

  • idrp

    Inter-Domain Routing Protocol

  • rsvp

    Resource Reservation Protocol

  • gre

    Generic Routing Encapsulation

  • esp

    IPSec Encapsulating Security Payload

  • ah

    IPSec Authentication Header

  • icmp6

    IPSec Authentication Header

  • no-next-hdr

    No Next Header for IPv6

  • ipv6-dest-opts

    Destination Options for IPv6

  • eigrp

    Cisco EIGRP

  • pim

    Protocol Independent Multicast

  • vrrp

    Virtual Router Redundancy Protocol

  • l2tp

    Layer Two Tunneling Protocol

  • sctp

    Stream Control Transmission Protocol

  • mpls-in-ip

    MPLS Encapsulation inside IP

  • rohc

    Robust Header Compression

ConfigurableTrue

address string

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionMatch a packet if its source IP address logically anded with the inverse of the mask equals this IP address.
Contextacl system-filter ipv6-filter entry sequence-id number match source-ip address string
Treeaddress
ConfigurableTrue

mask string

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionMatch a packet if its source IP address logically anded with the inverse of this mask equals the configured IP address.
Contextacl system-filter ipv6-filter entry sequence-id number match source-ip mask string
Treemask
ConfigurableTrue

source-port

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

Description

A packet matches this condition if its source TCP or UDP port number matches the value or range that is specified

The rule should also have a condition that the IP protocol equals 6 (TCP) or 17 (UDP) in order for this to be interpreted correctly.

Contextacl system-filter ipv6-filter entry sequence-id number match source-port
Treesource-port
ConfigurableTrue

operator keyword

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

Description

Comparison operator

eq = equal ge = greater than or equal to le = less than or equal to

Contextacl system-filter ipv6-filter entry sequence-id number match source-port operator keyword
Treeoperator
Options
  • le

    Less than or equal.

  • ge

    Greater than or equal.

  • eq

    Equal to.

ConfigurableTrue

end (number | keyword)

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionThe ending port number to include in the range
Contextacl system-filter ipv6-filter entry sequence-id number match source-port range end (number | keyword)
Treeend
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

start (number | keyword)

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionThe starting port number to include in the range
Contextacl system-filter ipv6-filter entry sequence-id number match source-port range start (number | keyword)
Treestart
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

value (number | keyword)

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionA source port number
Contextacl system-filter ipv6-filter entry sequence-id number match source-port value (number | keyword)
Treevalue
Range0 to 65535
Options
  • acap

    Application Configuration Access Protocol

  • afp-tcp

    Apple Filing Protocol over TCP

  • arns

    A Remote Network Server System

  • asf-rmcp

    ASF Remote Management and Control Protocol & IPMI Remote Management Protocol

  • ashare

    AppleShare IP Web Administration

  • atalk-rm

    AppleTalk Routing Maintenance

  • aurp

    AppleTalk Update-Based Routing Protocol

  • auth

    Authentication Service

  • bfd

    Bidirectional Forwarding Detection Single Hop

  • bfd-echo

    BFD Echo

  • bftp

    Background File Transfer Program

  • bgmp

    Border Gateway Multicast Protocol

  • bgp

    Border Gateway Protocol

  • bootpc

    Bootstrap Protocol (BOOTP) Client and DHCP Client

  • bootps

    Bootstrap Protocol (BOOTP) Server and DHCP Server

  • ccso-ns

    CCSO Nameserver

  • chargen

    Character Generator Protocol (CHARGEN)

  • cisco-tdp

    Cisco Tag Distribution Protocol

  • citadel

    Citadel

  • clearcase

    ClearCase albd

  • commerce

    Commerce Applications

  • courier

    Remote Procedure Call

  • daytime

    Daytime Protocol

  • dhcpv6-client

    DHCPv6 Client

  • dhcpv6-server

    DHCPv6 Server

  • dhcp-failover

    DHCP Failover Protocol

  • dicom

    Digital Imaging and Communications in Medicine

  • discard

    Discard Protocol. Also Wake-on-LAN.

  • dnsix

    DNSIX security protocol auditing

  • domain

    Domain Name System

  • dsp

    Display Support Protocol

  • echo

    Echo Protocol

  • epp

    Extensible Provisioning Protocol

  • esro

    Efficient Short Remote Operations (ESRO)

  • exec

    Remote Process Execution (Rexec)

  • finger

    Finger protocol

  • ftp

    File Transfer Protocol control

  • ftp-data

    File Transfer Protocol data

  • ftps

    FTPS (FTP over SSL/TLS) control

  • ftps-data

    FTPS (FTP over SSL/TLS) data

  • godi

    Group Domain Of Interpretation (GDOI) protocol

  • gopher

    Gopher protocol

  • gtp-c

    GTP control messages (GTP-C)

  • gtp-prime

    GTP prime CDR logging protocol

  • gtp-u

    GTP user data messages (GTP-U)

  • ha-cluster

    Linux-HA high-availability heartbeat

  • hostname

    NIC hostname server

  • hp-alarm-mgr

    HP data alarm manager

  • http

    Hypertext Transfer Protocol

  • http-alt

    FileMaker Web Sharing (HTTP Alternate)

  • http-mgmt

    http-mgmt

  • http-rpc

    Remote procedure call over Hypertext Transfer Protocol

  • https

    Hypertext Transfer Protocol over TLS/SSL

  • ieee-mms-ssl

    IEEE Media Management System over SSL

  • imap

    Internet Message Access Protocol (IMAP)

  • imap3

    Internet Message Access Protocol (IMAP), version 3

  • imaps

    Internet Message Access Protocol over TLS/SSL

  • ipp

    Internet Printing Protocol

  • ipsec

    Internet Protocol Security (IPSec)

  • ipx

    Internetwork Packet Exchange (IPX)

  • irc

    Internet Relay Chat (IRC)

  • iris-beep

    IRIS (Internet Registry Information Service) over BEEP

  • isakmp

    Internet Security Association and Key Management Protocol (ISAKMP) / Internet Key Exchange (IKE)

  • isakmp-nat

    IPSec NAT Traversal

  • iscsi

    iSCSI

  • iso-tsap

    ISO Transport Service Access Point (TSAP) Class 0 protocol

  • kerberos

    Kerberos authentication system

  • kerberos-adm

    Kerberos administration

  • klogin

    Kerberos login

  • kpasswd

    Kerberos Change/Set password

  • kshell

    Kerberos Remote shell

  • l2tp

    Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP)

  • ldap

    Lightweight Directory Access Protocol (LDAP)

  • ldaps

    Lightweight Directory Access Protocol over TLS/SSL (LDAPS)

  • ldp

    Label Distribution Protocol

  • lmp

    Link Management Protocol (LMP)

  • login

    rlogin (TCP) or Who (UDP)

  • lpd

    Line Printer Daemon

  • lsp-ping

    MPLS LSP-echo

  • mac-server-adm

    Mac OS X Server administration

  • matip-a

    Mapping of Airline Traffic over Internet Protocol (MATIP) type A

  • matip-b

    Mapping of Airline Traffic over Internet Protocol (MATIP) type B

  • micro-bfd

    BFD session over each LAG member link

  • microsoft-ds

    Microsoft Directory Services

  • mobile-ip

    Mobile IP Agent

  • monitor

    Monitor

  • mpp

    Message posting protocol (MPP)

  • mssql-m

    Microsoft SQL Server database management system (MSSQL) monitor

  • mssql-s

    Microsoft SQL Server database management system (MSSQL) server

  • msdp

    Multicast Source Discovery Protocol

  • ms-exchange

    MS Exchange Routing

  • msp

    Message Send Protocol

  • multihop-bfd

    Bidirectional Forwarding Detection Multi-Hop

  • nas

    Netnews Administration System (NAS)

  • ncp

    NetWare Core Protocol

  • netrjs-1

    NETRJS protocol

  • netrjs-2

    NETRJS protocol

  • netrjs-3

    NETRJS protocol

  • netrjs-4

    NETRJS protocol

  • netbios-data

    NetBIOS Datagram Service

  • netbios-ns

    NetBIOS Name Service

  • netbios-ss

    NetBIOS Session Service

  • netnews

    Netnews

  • netwall

    netwall, for Emergency Broadcasts

  • new-rwho

    new-rwho, new-who

  • nfs

    Network File System (NFS)

  • nntp

    Network News Transfer Protocol (NNTP)

  • nntps

    Network News Transfer Protocol over TLS/SSL (NNTPS)

  • ntp

    Network Time Protocol (NTP)

  • odmr

    On-Demand Mail Relay (ODMR)

  • olsr

    Optimized Link State Routing (OLSR)

  • openvpn

    OpenVPN

  • pim-auto-rp

    PIM Auto-RP

  • pkix-timestamp

    PKIX Time Stamp Protocol (TSP)

  • pop2

    Post Office Protocol, version 2 (POP2)

  • pop3

    Post Office Protocol, version 3 (POP3)

  • pop3s

    Post Office Protocol 3 over TLS/SSL (POP3S)

  • pptp

    Point-to-Point Tunneling Protocol (PPTP)

  • ptp-event

    Precision Time Protocol (PTP) event messages

  • ptp-general

    Precision Time Protocol (PTP) general messages

  • print-srv

    Network PostScript print server

  • qmtp

    Quick Mail Transfer Protocol

  • qotd

    Quote of the Day (QOTD)

  • radius

    RADIUS authentication protocol

  • radius-acct

    RADIUS accounting protocol

  • remote-mail

    Remote Mail Checking Protocol

  • remotefs

    Remotefs, RFS Server

  • remotecmd

    SupportSoft Nexus Remote Command

  • rip

    Routing Information Protocol

  • rje

    Remote Job Entry

  • rlp

    Resource Location Protocol

  • rlzdb

    RLZ DBase

  • rmc

    IBM RMC (Remote monitoring and Control) protocol

  • rmonitor

    rmonitor, Remote Monitor

  • rpc2portmap

    Rpc2portmap

  • rsync

    rsync file synchronization protocol

  • rtelnet

    Remote User Telnet Service (RTelnet)

  • rtsp

    Real Time Streaming Protocol (RTSP)

  • sgmp

    Simple Gateway Monitoring Protocol (SGMP)

  • silc

    Secure Internet Live Conferencing (SILC)

  • smux

    SNMP multiplexing protocol (SMUX)

  • sna-gw

    IBM Systems Network Architecture (SNA) gateway access server

  • snmp

    Simple Network Management Protocol (SNMP)

  • snmp-trap

    SNMP Traps

  • snpp

    Simple Network Paging Protocol (SNPP)

  • smtp

    Simple Mail Transfer Protocol (SMTP)

  • sql-svcs

    Structured Query Language (SQL) Services

  • sql

    Structured Query Language (SQL) Service

  • ssh

    Secure Shell Protocol

  • submission

    Email message submission (SMTP)

  • sunrpc

    Open Network Computing Remote Procedure Call (ONC RPC), also Sun RPC

  • svcloc

    Service Location Protocol (SLP)

  • syslog

    Syslog (UDP) and Remote Shell (TCP)

  • systat

    Active Users (systat service)

  • tacacs

    TACACS Login Host protocol

  • talk

    Talk

  • tcpmux

    TCP Port Service Multiplexer (TCPMUX)

  • tcpnethaspsrv

    tcpnethaspsrv, Aladdin Knowledge Systems Hasp services

  • tftp

    Trivial File Transfer Protocol (TFTP)

  • time

    Time Protocol

  • timed

    Timeserver

  • ups

    Uninterruptible power supply (UPS)

  • xdmcp

    X Display Manager Control Protocol (XDMCP)

  • xns-ch

    Xerox Network Systems (XNS) Clearinghouse (Name Server)

  • xns-mail

    Xerox Network Systems (XNS) Mail

  • xns-time

    Xerox Network Systems (XNS) Time Protocol

  • z3950

    ANSI Z39.50

ConfigurableTrue

tcp-flags string

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionA logical expression using the &, | and ! logical operators and the TCP flag names: rst, syn and ack.
Contextacl system-filter ipv6-filter entry sequence-id number match tcp-flags string
Treetcp-flags
ConfigurableTrue

last-match string

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionThe elapsed time since a packet last matched the entry, considering all subinterfaces.
Contextacl system-filter ipv6-filter entry sequence-id number statistics last-match string
Treelast-match
String Length20 to 32
ConfigurableFalse

matched-packets number

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionThe number of packets matching the entry since it was programmed or since the last clear, summed across all subinterfaces
Contextacl system-filter ipv6-filter entry sequence-id number statistics matched-packets number
Treematched-packets
Default0
ConfigurableFalse

tcam-entries number

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionThe number of TCAM entries required to implement a single instance of this filter rule.
Contextacl system-filter ipv6-filter entry sequence-id number tcam-entries number
Treetcam-entries
ConfigurableFalse

last-clear string

Note:

This command is available for the following platforms:

  • 7220 IXR-D2

  • 7220 IXR-D3L

  • 7220 IXR-D2L

  • 7220 IXR-D3

  • 7220 IXR-D1

DescriptionTime of the last clear command performed by the user at this level
Contextacl system-filter ipv6-filter last-clear string
Treelast-clear
String Length20 to 32
ConfigurableFalse

tcam-profile keyword

Description Specify the TCAM resource management profile
Contextacl tcam-profile keyword
Treetcam-profile
Options
  • default

    Default allocation that provides twice as many resources to ingress ACLs as egress ACLs

  • ipv4-egress-scaled

    Alternate allocation that provides more resources to IPv4 egress ACLs than any other application

ConfigurableTrue