-
Cisco IOS Quality of Service Solutions Command Reference
-
A through C
-
D through F
-
identity policy (policy-map) through ip rsvp pq-profile
-
ip rsvp precedence through load protocol
-
match access-group through mls ip pbr
-
mls qos (global configuration mode) through mpls experimental
-
N through P
-
Q through R
-
send qdm message through show atm bundle svc statistics
-
show auto discovery qos through show ip rsvp hello client lsp detail
-
show ip rsvp hello client lsp summary through show lane qos database
-
show mls qos through wrr-queue threshold
-
Feedback
Contents
- match access-group through mls ip pbr
- mac packet-classify
- mac packet-classify use vlan
- map ip
- map ipv6
- map mpls
- match access-group
- match application (class-map)
- match any
- match atm-clp
- match atm oam
- match atm-vci
- match class-map
- match cos
- match cos inner
- match destination-address mac
- match discard-class
- match dscp
- match field
- match flow pdp
- match fr-dlci
- match input vlan
- match input-interface
- match ip dscp
- match ip precedence
- match ip rtp
- match mpls experimental
- match mpls experimental topmost
- match not
- match packet length (class-map)
- match port-type
- match precedence
- match protocol
- match protocol attribute application-group
- match protocol attribute category
- match protocol attribute encrypted
- match protocol attribute sub-category
- match protocol attribute tunnel
- match protocol (NBAR)
- match protocol citrix
- match protocol fasttrack
- match protocol gnutella
- match protocol http
- match protocol pppoe-discovery
- match protocol rtp
- match qos-group
- match source-address mac
- match start
- match tag (class-map)
- match vlan (QoS)
- match vlan inner
- maximum (local policy)
- maximum bandwidth ingress
- maximum bandwidth percent
- maximum header
- max-reserved-bandwidth
- metadata application-params
- metadata flow
- metadata flow (troubleshooting)
- mls ip pbr
match access-group through mls ip pbr
mac packet-classify
To classify Layer 3 packets as Layer 2 packets, use the macpacket-classify command in interface configuration mode. To return to the default settings, use the no form of this command.
Usage Guidelines
This command is not supported on Cisco 7600 series routers that are configured with a Supervisor Engine 2.
You can configure these interface types for multilayer MAC access control list (ACL) quality of service (QoS) filtering:
- VLAN interfaces without Layer 3 addresses
- Physical LAN ports that are configured to support Ethernet over Multiprotocol Label Switching (EoMPLS)
- Logical LAN subinterfaces that are configured to support EoMPLS
The ingress traffic that is permitted or denied by a MAC ACL on an interface configured for multilayer MAC ACL QoS filtering is processed by egress interfaces as MAC-layer traffic. You cannot apply egress IP ACLs to traffic that was permitted or denied by a MAC ACL on an interface configured for multilayer MAC ACL QoS filtering.
Microflow policing does not work on interfaces that have the macpacket-classify command enabled.
The macpacket-classify command causes the Layer 3 packets to be classified as Layer 2 packets and disables IP classification.
Traffic is classified based on 802.1Q class of service (CoS), trunk VLAN, EtherType, and MAC addresses.
Examples
This example shows how to classify incoming and outgoing Layer 3 packets as Layer 2 packets:
Router(config-if)# mac packet-classify
Router(config-if)#
This example shows how to disable the classification of incoming and outgoing Layer 3 packets as Layer 2 packets:
Router(config-if)# no mac packet-classify
Router(config-if)#
This example shows how to enforce Layer 2 policies on BPDU packets:
Router(config-if)# mac packet-classify bpdu
Router(config-if)#
This example shows how to disable Layer 2 policies on BPDU packets:
Router(config-if)# no mac packet-classify bpdu
Router(config-if)#
mac packet-classify use vlan
To enable VLAN-based quality of service (QoS) filtering in the MAC access control lists (ACLs), use the macpacket-classifyusevlan command in global configuration mode. To return to the default settings, use the no form of this command.
Usage Guidelines
This command is supported in PFC3BXL or PFC3B mode only.
This command is not supported on Cisco 7600 series routers that are configured with a Supervisor Engine 2.
You must use the nomacpacket-classifyusevlan command to disable the VLAN field in the Layer 2 key if you want to apply QoS to the Layer 2 Service Advertising Protocol (SAP)-encoded packets (for example, Intermediate System-to-Intermediate System [IS-IS] and Internet Packet Exchange [IPX]).
QoS does not allow policing of non-Advanced Research Protocol Agency (ARPA) Layer 2 packets (for example, IS-IS and IPX) if the VLAN field is enabled.
map ip
T o classify either all the IPv4 packets, or the IPv4 packets based on either differentiated service code point (DSCP) values or precedence values into high priority or low priority for POS, channelized, and clear-channel SPAs, use the following forms of the mapip command in ingress class-map mode. Use the no forms of this command listed here to remove the IPv4 settings.
Command to Classify all the IPv4 Packets
Command to Classify IPv4 Packets Based on DSCP Values
Command to Classify IPv4 Packets Based on Precedence Values
Syntax Description
|
all queue |
Implies the high priority or low priority configuration of all the IPv4 packets. |
|
strict-priority |
Classifies all the IPv4 packets as high priority (strict-priority). |
|
0 |
Classifies all the IPv4 packets as low priority. |
|
dscp-based |
Enables classification based on DSCP value in IPv4. |
|
dscp |
Allows you to configure the DSCP value or range as high priority or low priority for IPv4 packets. |
|
dscp-value |
DSCP value for which the priority is to be configured as high or low. |
|
dscp-range |
Range of dscp-values for which the priority is to be configured as high or low. |
|
queue |
Enables the classification of an entire queue, DSCP values, or precedence values as high priority or low priority. |
|
precedence-based |
Enables the classification based on IPv4 precedence values. |
|
precedence |
Allows you to configure an IPv4 precedence value or range as high priority or low priority for IPv4 packets. |
|
precedence-value |
Precedence-value for which the priority is to be configured as high or low. |
|
precedence-range |
Range of precedence-values for which the priority is to be configured as high or low. |
Command Default
If there is no configuration of IPv4 DSCP value or precedence values map to high priority specified, the system treats packets with DSCP range EF as high priority and precedence range 6-7 as high priority.
Usage Guidelines
To classify all IPv4 packets as high or low for POS, channelized, or clear-channel SPA, use the mapipallqueuecommand,
To classify IPv4 packets with specific DSCP values, enable the DSCP classification using the mapipdscp-basedcommand. To classify IPV4 packets with specific DSCP values as high or low, use the mapipdscp {{dscp-value | dscp-range} queue {strict-priority | 0}} command.
To classify IPv4 packets with specific precedence values, enable the precedence classification using the mapipprecedence-basedcommand. To classify IPv4 packets with specific precedence values as high or low, use the mapipprecedence {{precedence-value | precedence-range} queue {strict-priority | 0}} command.
Examples
The following example shows how to classify all the IPv4 Packets as high priority using the mapipallqueuestrict-prioritycommand:
Router# config Router(config)# ingress-class-map 1 Router(config-ing-class-map)# map ip all queue strict-priority
The following example shows how to classify IPv4 Packets with DSCP value of cs1 as high priority:
Router# config Router(config)# ingress-class-map 1 Router(config-ing-class-map)# map ip dscp-based Router(config-ing-class-map)# map ip dscp cs1 queue strict-priority
The following example shows how to classify IPv4 Packets with a precedence value 3 and 5 as high priority:
Router# config Router(config)# ingress-class-map 1 Router(config-ing-class-map)# map ip precedence-based Router(config-ing-class-map)# map ip precedence 3 5 queue strict-priority
map ipv6
T o classify either all the IPv6 packets, or IPv6 packets based on specific traffic class (TC) values as high priority or low priority in the context of POS, channelized, and clear-channel SPAs use the following forms of mapipv6 commands in ingress class-map mode. Use the no forms of this command listed here to remove the IPv6 settings.
Command to Classify all the IPv6 Packets
Command to Classify IPv6 Traffic-Class values as High Priority or Low Priority
Syntax Description
|
all queue |
Implies the high priority or low priority configuration of all the IPv6 packets. |
|
strict-priority |
Classifies all the IPv6 packets as high priority (strict-priority). |
|
0 |
Classifies all the IPv6 Packets as low priority. |
|
tc |
Allows you to configure the traffic class value or range as high priority or low priority for IPv6 packets. |
|
tc-value |
Specific traffic-class value for which the priority is to be configured as either high or low(0). |
|
tc-range |
Range of traffic-class values for which the priority is to be configured as either high or low(0). |
|
queue |
Enables classification of the entire queue, traffic-class values, or range of traffic-class values as either high priority or low priority. |
Command Default
If a user does not configure which IPv6 traffic class values map to high priority, the system treats packets the packets with traffic class EF as high priority.
Usage Guidelines
To classify all the IPv6 packets as high priority or low priority in the context of POS, channelized, or clear-channel SPAs, use the mapipv6allqueuecommand.
To classify the IPv6 packets with specific traffic class values, use the mapipv6tccs2queuestrict-prioritycommand.
Examples
The following example shows how to classify all the IPv6 packets as high priority using the mapipv6allqueuestrict-priority command:
Router# config Router(config)# ingress-class-map 1 Router(config-ing-class-map)# map ipv6 all queue strict-priority
The following example shows how to classify the IPv6 packets with traffic-class values cs2 as high priority:
Router# config Router(config)# ingress-class-map 1 Router(config-ing-class-map)# map ip tc cs2 queue strict-priority
map mpls
T o classify either all the Multiprotocol Label Switching (MPLS) packets or MPLS packets with specified EXP values or range as high priority or low priority for POS, channelized, and clear-channel SPAs the following forms of the mapmpls command are used in ingress class-map mode. Use the no forms of this command listed here to remove the MPLS settings.
Command to Classify all the MPLS EXP Values as High Priority or Low Priority
Command to Classify the MPLS EXP Values as High Priority or Low Priority
Syntax Description
|
all queue |
Implies the high priority or low priority configuration of all the MPLS Packets. |
|
strict-priority |
Classifies either all the MPLS packets or the MPLS packets with specific EXP values as high priority (strict priority). |
|
0 |
Classifies MPLS packets as low priority. |
|
exp |
Allows you to configure an EXP value or a range of EXP values as high priority or low priority for MPLS packets. The valid range for EXP values is 0 to 7. |
|
exp-value |
A specific EXP value for which the priority is to be configured as high or low(0). |
|
exp-range |
A range of EXP values for which the priority is to be configured as high or low(0). The valid range for EXP values is 0 to 7. |
|
queue |
Enables the classification priority of an entire queue, EXP values, or range of EXP values as high priority or low priority. |
Command Default
If a user does not configure which MPLS EXP values map to high priority, the system treats packets with an EXP value of 6-7 as high priority.
Usage Guidelines
To classify all the MPLS packets as high priority or low priority for POS, channelized, or clear-channel SPA, use the mapmplsallqueuecommand.
To classify the MPLS packets with specific EXP values, use the mapmplsexp{exp-value|exp-range}queue{strict-priority|0} command.
Examples
The following example shows how to classify all the MPLS packets as high priority using the mapmplsallqueuestrict-priority command:
Router# config Router(config)# ingress-class-map 1 Router(config-ing-class-map)# map mpls all queue strict-priority
The following example shows how to classify the MPLS packets with EXP value of 4 as high priority:
Router# config Router(config)# ingress-class-map 1 Router(config-ing-class-map)# map mpls exp 4 queue strict-priority
match access-group
To configure the match criteria for a class map on the basis of the specified access control list (ACL), use the match access-group command in QoS class-map configuration or policy inline configuration mode. To remove the ACL match criteria from a class map, use the no form of this command.
Syntax Description
|
access-group |
A numbered ACL whose contents are used as the match criteria against which packets are checked to determine if they belong to the same class. The range is from 1 to 2699. |
|
name access-group-name |
Specifies a named ACL whose contents are used as the match criteria against which packets are checked to determine if they belong to the same class. The name can be up to 40 alphanumeric characters. |
Command Modes
QoS class-map configuration (config-cmap)
Policy inline configuration (config-if-spolicy-inline)
Command History
|
Release |
Modification |
|---|---|
|
12.0(5)T |
This command was introduced. |
|
12.0(5)XE |
This command was integrated into Cisco IOS Release 12.0(5)XE. |
|
12.0(7)S |
This command was integrated into Cisco IOS Release 12.0(7)S. |
|
12.0(17)SL |
This command was modified. This command was enhanced to include matching of access lists on the Cisco 10000 series routers. |
|
12.1(1)E |
This command was integrated into Cisco IOS Release 12.1(1)E. |
|
12.4(6)T |
This command was modified. This command was enhanced to support the zone-based policy firewall. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
|
12.2(31)SB |
This command was integrated into Cisco IOS Release 12.2(31)SB. |
|
12.2SX |
This command was integrated into the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware. |
|
15.1(3)T |
This command was integrated into Cisco IOS Release 15.1(3)T for Cisco Performance Monitor. Support was added for policy inline configuration mode. |
|
12.2(58)SE |
This command was integrated into Cisco IOS Release 12.2(58)SE for Cisco Performance Monitor. |
Usage Guidelines
The match access-group command specifies a numbered or named ACL whose contents are used as the match criteria against which packets are checked to determine if they belong to the class specified by the class map.
A traffic rate is generated for packets that match an access group. In zone-based policy firewalls, only the first packet that creates a session matches the configured policy. Subsequent packets in the flow do not match the filters in the configured policy, but instead match the session directly. The statistics related to subsequent packets are shown as part of the inspect action.
Zone-based policy firewalls support only the match access-group, match class-map, and match protocol commands. If you specify more than one match command in a class map, only the last command that you specified will be applied to the class map. The last match command overrides the previously entered match commands.
The match access-group command specifies the numbered access list against whose contents packets are checked to determine if they match the criteria specified in the class map. Access lists configured with the log keyword of the access-list command are not supported when you configure the match criteria. For more information about the access-list command, refer to the Cisco IOS IP Application Services Command Reference.
When this command is configured in Cisco IOS Release 15.0(1)M and later releases, the firewall inspects only Layer 4 policy maps. In releases prior to Cisco IOS Release 15.0(1)M, the firewall inspects both Layer 4 and Layer 7 policy maps.
For class-based weighted fair queueing (CBWFQ), you can define traffic classes based on the match criteria that include ACLs, experimental (EXP) field values, input interfaces, protocols, and quality of service (QoS) labels. Packets that satisfy the match criteria for a class constitute the traffic for that class.
 Note | In zone-based policy firewalls, this command is not applicable for CBWFQ. |
This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration modes in which you can issue this command.
Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE
To use the match access-group command, you must configure the service-policy type performance-monitor inline command.
Supported Platforms Other than Cisco 10000 Series Routers
To use the match access-group command, you must configure the class-map command to specify the name of the class whose match criteria you want to establish. After you identify the class, you can use one of the following commands to configure its match criteria:
Cisco 10000 Series Routers
To use the match access-group command, you must first enter the class-map command to specify the name of the class whose match criteria you want to establish.
Cisco ASR 1000 Series Aggregation Services Routers
Cisco ASR 1000 Series Routers do not support more than 16 match statements per class map. An interface with more than 16 match statements rejects the service policy.
Examples
The following example shows how to specify a class map named acl144 and to configure the ACL numbered 144 to be used as the match criterion for that class:
Device(config)# class-map acl144 Device(config-cmap)# match access-group 144
Device(config)# class-map type inspect match-all c1 Device(config-cmap)# match access-group 144
Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE
The following example shows how to configure a service policy for the Performance Monitor in policy inline configuration mode. The policy specifies that packets traversing Ethernet interface 0/0 must match ACL144.
Device(config)# interface ethernet 0/0 Device(config-if)# service-policy type performance-monitor inline input Device(config-if-spolicy-inline)# match access-group name ACL144 Device(config-if-spolicy-inline)# exit
Related Commands
|
Command |
Description |
|---|---|
|
access-list (IP extended) |
Defines an extended IP access list. |
|
access-list (IP standard) |
Defines a standard IP access list. |
|
class-map |
Creates a class map to be used for matching packets to a specified class. |
|
match access-group |
Configures the match criteria for a class map on the basis of the specified ACL. |
|
match class-map |
Uses a traffic class as a classification policy. |
|
match input-interface |
Configures a class map to use the specified input interface as a match criterion. |
|
match mpls experimental |
Configures a class map to use the specified EXP field value as a match criterion. |
|
match protocol |
Configures the match criteria for a class map on the basis of the specified protocol. |
|
service-policy type performance-monitor |
Associates a Performance Monitor policy with an interface. |
match application (class-map)
To use the metadata application as a match criterion for control plane classification, use the match application command in QoS class-map configuration mode. To remove a previously configured metadata application from being used as a match criterion for control plane classification, use the no form of this command.
Syntax Description
| application-group application-group-name | Specifies the application group that the control plane classification engine must match. Use one of the following values to specify the relevant application group: telepresence-group, vmware-group, and webex-group. |
| attribute |
Specifies the relevant attribute to match. |
| category |
Specifies the category type that the control plane classification engine must match. |
| business-and-productivity-tools |
Specifies the business and productivity tools. |
| voice-and-video |
Specifies the voice and video category. |
| device-class device-class-type |
Specifies the device class to match. Use one of the following values to specify the relevant device class: desktop-conferencing, desktop-virtualisation, physical-phone, room-conferencing, software-phone, and surveillance. |
| media-type media-type |
Specifies the type of media to match. Use one of the following values to specify the relevant media type: audio, audio-video control, data, and video. |
| sub-category |
Specifies the subcategory to match. |
| remote-access-terminal |
Specifies the remote access terminal subcategory. |
| voice-video-chat-collaboration |
Specifies the voice, video, and collaboration subcategory. |
| application-name |
Name of the application that the control plane classification engine must match. The following applications are supported: cisco-phone, citrix, h323, jabber, rtp, rtsp, sip, telepresence-control, telepresence-data, telepresence-media, vmware-view, webex-data, webex-meeting, webex-streaming, webex-video, webex-voice, and wyze-zero-client. |
| source |
(Optional) Specifies the source of the application. |
| msp |
(Optional) Specifies the application source as Media-Proxy Services (MSP). |
| nbar |
(Optional) Specifies the application source as Network-Based Application Recognition (NBAR). |
| rsvp |
(Optional) Specifies the application source as the Resource Reservation Protocol (RSVP). |
| vendor vendor-name |
(Optional) Specifies the name of the vendor. Enter ? after the vendor keyword to get a list of supported vendors for the respective application name. |
| version version-number |
(Optional) Specifies the version number of the application. |
Usage Guidelines
Enabling metadata-based control plane classification on a per-platform, per-line card basis for quality of service (QoS) policies involves the following key steps:
- Creating a class map with metadata-based filters.
- Creating a policy map that uses classes.
- Attaching a policy map to the target.
You can use the match application command to enable metadata-based filters that can be applied to a class map. Specifying the required application name ensures that the respective policies can be applied only to those flows that match the application name.
You can use the match application command in conjunction with any other match commands for specifying match criteria for classes. For example, you can use the match dscp command along with the match application command as the classification criteria for flows.
You can use the show metadata flow classification table command to verify the metadata-based classification information.
You can use the debug metadata flow all command to verify whether a particular classification has been successfully created.
Note | With CSCub24690, the webex-data, webex-streaming, webex-video, and webex-voice keywords are not supported in the match application application-name command. |
Examples
The following example shows how to configure a class map c1 and specify the metadata application webex-meeting as the matching criterion, thus achieving control plane classification. Only those flows that match the metadata application webex-meeting will be considered for the appropriate action.
Device(config)# class-map c1 Device(config-cmap)# match application webex-meeting
The following configuration is provided for the completeness of the example.
A policy map p1 that uses the previously configured class c1 is created. The requirement in this example is to provide a guaranteed bandwidth of 1 Mb/s to all flows that match the criterion defined for class c1:
Device(config)# policy-map p1 Device(config-pmap)# class c1 Device(config-pmap-c)# priority 1
The following configuration example shows how to attach a policy to a target interface:
Device(config)# interface gigabitethernet 0/0 Device(config-if)# service-policy output p1
Related Commands
| Command | Description |
|---|---|
|
class (policy-map) |
Specifies the name of the class whose policy you want to create or change. |
|
class-map |
Creates a class map to be used for matching packets to a specified class. |
|
debug metadata |
Enables debugging for metadata flow. |
|
metadata application-params |
Enters metadata application entry configuration mode and creates new metadata application parameters. |
|
policy-map |
Enters policy-map configuration mode and creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy. |
|
priority |
Gives priority to a class of traffic belonging to a policy map. |
|
service-policy |
Attaches a policy map to an input interface, a VC, an output interface, or a VC that will be used as the service policy for the interface or VC. |
|
show metadata flow |
Displays metadata flow information. |
match any
To configure the match criteria for a class map to be successful match criteria for all packets, use the matchany command in class-map configuration or policy inline configuration mode. To remove all criteria as successful match criteria, use the no form of this command.
Command Modes
Class-map configuration (config-cmap)
Policy inline configuration (config-if-spolicy-inline)
Command History
|
Release |
Modification |
|---|---|
|
12.0(5)XE |
This command was introduced. |
|
12.0(5)T |
This command was integrated into Cisco IOS Release 12.0(5)T. |
|
12.1(1)E |
This command was integrated into Cisco IOS Release 12.1(1)E. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
|
12.2(31)SB |
This command was integrated into Cisco IOS Release 12.2(31)SB and implemented on the Cisco 10000 series routers. |
|
12.2SX |
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware. |
|
15.1(3)T |
This command was integrated into Cisco IOS Release 15.1(3)T for Cisco Performance Monitor. Support was added for policy inline configuration mode. |
|
12.2(58)SE |
This command was integrated into Cisco IOS Release 12.2(58)SE for Cisco Performance Monitor. |
|
15.1(2)SNG |
This command was integrated into Cisco IOS Release 15.1(2)SNG for Cisco ASR 901 Routers. |
Usage Guidelines
This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command.
Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE
You must first enter the service-policytypeperformance-monitorinlinecommand.
Examples
In the following configuration, all packets traversing Ethernet interface 1/1 will be policed based on the parameters specified in policy-map class configuration mode:
Router(config)# class-map matchany Router(config-cmap)# match any Router(config-cmap)# exit Router(config)# policy-map policy1 Router(config-pmap)# class class4 Router(config-pmap-c)# police 8100 1500 2504 conform-action transmit exceed-action set-qos-transmit 4 Router(config-pmap-c)# exit Router(config)# interface ethernet1/1 Router(config-if)# service-policy output policy1
Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE
The following example shows how to use the policy inline configuration mode to configure a service policy for Performance Monitor. The policy specifies that all packets traversing Ethernet interface 0/0 will be matched and monitored based on the parameters specified in the flow monitor configuration namedfm-2:
Router(config)# interface ethernet 0/0 Router(config-if)# service-policy type performance-monitor inline input Router(config-if-spolicy-inline)# match any Router(config-if-spolicy-inline)# flow monitor fm-2 Router(config-if-spolicy-inline)# exit
Related Commands
|
Command |
Description |
|---|---|
|
class-map |
Creates a class map to be used for matching packets to a specified class. |
|
service-policy type performance-monitor |
Associates a Performance Monitor policy with an interface. |
|
match input-interface |
Configures a class map to use the specified input interface as a match criterion. |
|
match protocol |
Configures the match criteria for a class map on the basis of the specified protocol. |
match atm-clp
To enable packet matching on the basis of the ATM cell loss priority (CLP), use the matchatm-clpcommand in class-map configuration mode. To disable packet matching on the basis of the ATM CLP, use the no form of this command.
Command History
|
Release |
Modification |
|---|---|
|
12.0(28)S |
This command was introduced. |
|
12.2(28)SB |
This command was integrated into Cisco IOS Release 12.2(28)SB. |
|
12.2(33)SRB |
This command was integrated into Cisco IOS Release 12.2(33)SRB. |
|
12.2(33)SRC |
Support for the Cisco 7600 series router was added. |
|
12.4(15)T2 |
This command was integrated into Cisco IOS Release 12.4(15)T2. |
|
12.2(33)SB |
Support for the Cisco 7300 series router was added. |
|
Cisco IOS XE Release 2.3 |
This command was integrated into Cisco IOS XE Release 2.3. |
Usage Guidelines
This command is supported on policy maps that are attached to ATM main interfaces, ATM subinterfaces, or ATM permanent virtual circuits (PVCs). However, policy maps (containing the matchatm-clp command) that are attached to these types of ATM interfaces can be input policy maps only .
This command is supported on the PA-A3 adapter only .
Examples
In the following example, a class called "class-c1" has been created using the class-map command, and the matchatm-clp command has been configured inside that class. Therefore, packets are matched on the basis of the ATM CLP and are placed into this class.
Router> enable Router# configure terminal Router(config)# class-map class-c1 Router(config-cmap)# match atm-clp Router(config-cmap)# end
Related Commands
|
Command |
Description |
|---|---|
|
class-map |
Creates a class map to be used for matching packets to a specified class. |
|
show atm pvc |
Displays all ATM PVCs and traffic information. |
|
show policy-map interface |
Displays the packet statistics of all classes that are configured for all service policies either on the specified interface or subinterface or on a specific PVC on the interface. |
match atm oam
To enable the control traffic classification on an ATM interface, use the matchatmoamcommand in class-map configuration mode. To disable the control traffic classification, use the no form of this command.
Usage Guidelines
Use this command for policy maps attached to ATM interfaces or ATM permanent virtual circuits (PVCs). Policy maps containing the matchatmoam command attached to ATM interfaces or ATM PVCs can be input policy maps only.
Examples
The following example shows the control traffic classification being configured as the match criterion in a class map. The policy map containing this class map is then applied to the ATM interface.
Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# class-map class-oam Router(config-cmap)# match atm oam Router(config-cmap)# exit
Related Commands
|
Command |
Description |
|---|---|
|
show class-map |
Displays all class maps and their matching criteria. |
|
show policy-map |
Displays all policy maps. |
|
show policy-map interface |
Displays the packet statistics of all classes that are configured for all service policies either on the specified ATM interface or on a specific PVC on the interface. |
match atm-vci
To enable packet matching on the basis of the ATM virtual circuit interface (VCI), use the matchatm-vcicommand in class map configuration mode. To disable packet matching on the basis of the ATM VCI, use thenoform of this command.
Usage Guidelines
When you configure the matchatm-vcicommand in class map configuration mode, you can add this class map to a policy map that can be attached only to an ATM permanent virtual path (PVP).
Note | On the Cisco 7600 series router, the matchatm-vcicommand is supported only in the ingress direction on an ATM VP. |
You can use the matchnot command to match any VC except those you specify in the command.
match class-map
To use a traffic class as a classification policy, use the match class-map command in class-map or policy inline configuration mode. To remove a specific traffic class as a match criterion, use the no form of this command.
Command History
|
Release |
Modification |
|---|---|
|
12.0(5)XE |
This command was introduced. |
|
12.1(1)E |
This command was integrated into Cisco IOS Release 12.1(1)E. |
|
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
|
12.4(6)T |
This command was enhanced to support Zone-Based Policy Firewall. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
|
12.2(31)SB |
This command was implemented on the Cisco 10000 series. |
|
12.2SX |
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware. |
|
Cisco IOS XE Release 3.2S |
This command was integrated into Cisco IOS XE Release 3.2S. |
Usage Guidelines
The only method of including both match-any and match-all characteristics in a single traffic class is to use the match class-map command. To combine match-any and match-all characteristics into a single class, do one of the following:
- Create a traffic class with the match-anyinstruction and use a class configured with the match-all instruction as a match criterion (using the match class-map command).
- Create a traffic class with the match-allinstruction and use a class configured with the match-any instruction as a match criterion (using the match class-map command).
You can also use the match class-map command to nest traffic classes within one another, saving users the overhead of re-creating a new traffic class when most of the information exists in a previously configured traffic class.
When packets are matched to a class map, a traffic rate is generated for these packets. In a zone-based firewall policy, only the first packet that creates a session matches the policy. Subsequent packets in this flow do not match the filters in the configured policy, but instead match the session directly. The statistics related to subsequent packets are shown as part of the 'inspect' action.
Non-Zone-Based Policy Firewall Examples
In the following example, the traffic class called class1 has the same characteristics as traffic class called class2, with the exception that traffic class class1 has added a destination address as a match criterion. Rather than configuring traffic class class1 line by line, you can enter the match class-map class2 command. This command allows all of the characteristics in the traffic class called class2 to be included in the traffic class called class1, and you can simply add the new destination address match criterion without reconfiguring the entire traffic class.
Router(config)# class-map match-any class2 Router(config-cmap)# match protocol ip Router(config-cmap)# match qos-group 3 Router(config-cmap)# match access-group 2 Router(config-cmap)# exit Router(config)# class-map match-all class1 Router(config-cmap)# match class-map class2 Router(config-cmap)# match destination-address mac 1.1.1 Router(config-cmap)# exit
The following example shows how to combine the characteristics of two traffic classes, one with match-any and one with match-all characteristics, into one traffic class with the match class-map command. The result of traffic class called class4 requires a packet to match one of the following three match criteria to be considered a member of traffic class called class 4: IP protocol and QoS group 4, destination MAC address 1.1.1, or access group 2. Match criteria IP protocol and QoS group 4 are required in the definition of the traffic class named class3 and included as a possible match in the definition of the traffic class named class4 with the match class-map class3 command.
In this example, only the traffic class called class4 is used with the service policy called policy1.
Router(config)# class-map match-all class3 Router(config-cmap)# match protocol ip Router(config-cmap)# match qos-group 4 Router(config-cmap)# exit Router(config)# class-map match-any class4 Router(config-cmap)# match class-map class3 Router(config-cmap)# match destination-address mac 1.1.1 Router(config-cmap)# match access-group 2 Router(config-cmap)# exit Router(config)# policy-map policy1 Router(config-pmap)# class class4 Router(config-pmap-c)# police 8100 1500 2504 conform-action transmit exceed-action set-qos-transmit 4 Router(config-pmap-c)# exit
match cos
To match a packet on the basis of a Layer 2 class of service (CoS)/Inter-Switch Link (ISL) marking, use the matchcos command in class-map configuration or policy inline configuration mode. To remove a specific Layer 2 CoS/ISL marking as a match criterion, use the no form of this command.
Syntax Description
|
Supported Platforms Other Than the Cisco 10000 Series Routers |
|
|---|---|
|
cos-value |
Specific IEEE 802.1Q/ISL CoS value. The cos-value is from 0 to 7; up to four CoS values, separated by a space, can be specified in one matchcos statement. |
|
Cisco 10000 Series Routers |
|
|
cos-value |
Specific packet CoS bit value. Specifies that the packet CoS bit value must match the specified CoS value. The cos-value is from 0 to 7; up to four CoS values, separated by a space, can be specified in one matchcos statement. |
Command Modes
Class-map configuration (config-cmap)
Policy inline configuration (config-if-spolicy-inline)
Command History
|
Release |
Modification |
|---|---|
|
12.1(5)T |
This command was introduced. |
|
12.0(25)S |
This command was integrated into Cisco IOS Release 12.0(25)S. |
|
12.2(28)SB |
This command was integrated into Cisco IOS Release 12.2(28)SB. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
|
12.2(31)SB |
This command was integrated into Cisco IOS Release 12.2(31)SB and implemented on the Cisco 10000 series routers. |
|
12.2SX |
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware. |
|
12.2(33)SRC |
This command was integrated into Cisco IOS Release 12.2(33)SRC and support for the Cisco 7600 series routers was added. |
|
12.4(15)T2 |
This command was integrated into Cisco IOS Release 12.4(15)T2. |
|
12.2(33)SB |
This command was integrated into Cisco IOS Release 12.2(33)SB and support for the Cisco 7300 series router was added. |
|
15.1(3)T |
This command was integrated into Cisco IOS Release 15.1(3)T for Cisco Performance Monitor. Support was added for policy inline configuration mode. |
|
12.2(58)SE |
This command was integrated into Cisco IOS Release 12.2(58)SE for Cisco Performance Monitor. |
|
12.2(33)SCF |
This command was integrated into Cisco IOS Release 12.2(33)SCF. |
|
15.1(2)SNG |
This command was integrated into Cisco IOS Release 15.1(2)SNG for Cisco ASR 901 Routers. |
Usage Guidelines
This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command.
Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE
You must first enter the service-policytypeperformance-monitorinlinecommand.
Examples
In the following example, the CoS values of 1, 2, and 3 are successful match criteria for the interface that contains the classification policy named cos:
Router(config)# class-map cos Router(config-cmap)# match cos 1 2 3
In the following example, classes named voice and video-n-data are created to classify traffic based on the CoS values. QoS treatment is then given to the appropriate packets in the CoS-based-treatment policy map (in this case, the QoS treatment is priority 64 and bandwidth 512). The service policy configured in this example is attached to all packets leaving Fast Ethernet interface 0/0.1. The service policy can be attached to any interface that supports service policies.
Router(config)# class-map voice Router(config-cmap)# match cos 7 Router(config)# class-map video-n-data Router(config-cmap)# match cos 5 Router(config)# policy-map cos-based-treatment Router(config-pmap)# class voice Router(config-pmap-c)# priority 64 Router(config-pmap-c)# exit Router(config-pmap)# class video-n-data Router(config-pmap-c)# bandwidth 512 Router(config-pmap-c)# exit Router(config-pmap)# exit Router(config)# interface fastethernet0/0.1 Router(config-if)# service-policy output cos-based-treatment
Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE
The following example shows how to use the policy inline configuration mode to configure a service policy for Performance Monitor. The policy specifies that packets traversing Ethernet interface 0/0 that match the criteria of a CoS value of 2 will be monitored based on the parameters specified in the flow monitor configuration namedfm-2:
Router(config)# interface ethernet 0/0 Router(config-if)# service-policy type performance-monitor inline input Router(config-if-spolicy-inline)# match cos 2 Router(config-if-spolicy-inline)# flow monitor fm-2 Router(config-if-spolicy-inline)# exit
Example of the match cos Command for Matching Traffic Classes Inside a 802.1p Domain by CoS values in Cisco IOS Release 12.2(33)SCF
The following example shows how to match traffic classes for the 802.1p domain with packet CoS values:
Router> enable Router# config terminal Router(config)# class-map cos7 Router(config-cmap)# match cos 2 Router(config-cmap)# exit
Related Commands
|
Command |
Description |
|---|---|
|
class-map |
Creates a class map to be used for matching packets to a specified class. |
|
service-policy type performance-monitor |
Associates a Performance Monitor policy with an interface. |
|
policy-map |
Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy. |
|
service-policy |
Attaches a policy map to an input interface or VC, or an output interface or VC, to be used as the service policy for that interface or VC. |
|
set cos |
Sets the Layer 2 CoS value of an outgoing packet. |
|
show class-map |
Displays all class maps and their matching criteria. |
match cos inner
To match the inner cos of QinQ packets on a Layer 2 class of service (CoS) marking, use the matchcosinnercommand in class-map configuration mode. To remove a specific Layer 2 CoS inner tag marking, use the no form of this command.
Examples
In the following example, the inner CoS-values of 1, 2, and 3 are successful match criteria for the interface that contains the classification policy called cos:
Router(config)# class-map cos Router(config-cmap)# match cos inner 1 2 3
Related Commands
|
Command |
Description |
|---|---|
|
class-map |
Creates a class map to be used for matching packets to a specified class. |
|
policy-map |
Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy. |
|
service-policy |
Attaches a policy map to an input interface or VC, or an output interface or VC, to be used as the service policy for that interface or VC. |
|
set cos |
Sets the Layer 2 CoS value of an outgoing packet. |
|
show class-map |
Displays all class maps and their matching criteria. |
match destination-address mac
To use the destination MAC address as a match criterion, use the matchdestination-addressmaccommand in class-map configuration or policy inline configuration mode. To remove a previously specified destination MAC address as a match criterion, use the noform of this command.
Command Modes
Class-map configuration (config-cmap)
Policy inline configuration (config-if-spolicy-inline)
Command History
|
Release |
Modification |
|---|---|
|
12.0(5)XE |
This command was introduced. |
|
12.1(1)E |
This command was integrated into Cisco IOS Release 12.1(1)E. |
|
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
|
12.2(31)SB |
This command was integrated into Cisco IOS Release 12.2(31)SB and implemented on the Cisco 10000 series. |
|
12.2SX |
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware. |
|
15.1(3)T |
This command was integrated into Cisco IOS Release 15.1(3)T for Cisco Performance Monitor. Support was added for policy inline configuration mode. |
|
12.2(58)SE |
This command was integrated into Cisco IOS Release 12.2(58)SE for Cisco Performance Monitor. |
Usage Guidelines
This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command.
Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE
You must first enter the service-policytypeperformance-monitorinlinecommand.
Examples
The following example specifies a class map named macaddress and specifies the destination MAC address to be used as the match criterion for this class:
Router(config)# class-map macaddress Router(config-cmap)# match destination-address mac 00:00:00:00:00:00
Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE
The following example shows how to use the policy inline configuration mode to configure a service policy for Performance Monitor. The policy specifies that packets traversing Ethernet interface 0/0 that match the specified destination MAC address will be monitored based on the parameters specified in the flow monitor configuration namedfm-2:
Router(config)# interface ethernet 0/0 Router(config-if)# service-policy type performance-monitor inline input Router(config-if-spolicy-inline)# match destination-address mac 00:00:00:00:00:00 Router(config-if-spolicy-inline)# flow monitor fm-2 Router(config-if-spolicy-inline)# exit
match discard-class
To specify a discard class as a match criterion, use the matchdiscard-class command in class-map configuration or policy inline configuration mode. To remove a previously specified discard class as a match criterion, use the no form of this command.
Command Modes
Class-map configuration (config-cmap)
Policy inline configuration (config-if-spolicy-inline)
Command History
|
Release |
Modification |
|---|---|
|
12.2(13)T |
This command was introduced. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
|
12.2(31)SB |
This command was integrated into Cisco IOS Release 12.2(31)SB and implemented on the Cisco 10000 series routers. |
|
12.2SX |
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware. |
|
15.1(3)T |
This command was integrated into Cisco IOS Release 15.1(3)T for Cisco Performance Monitor. Support was added for policy inline configuration mode. |
|
12.2(58)SE |
This command was integrated into Cisco IOS Release 12.2(58)SE for Cisco Performance Monitor. |
Usage Guidelines
This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command.
A discard-class value has no mathematical significance. For example, the discard-class value 2 is not greater than 1. The value simply indicates that a packet marked with discard-class 2 should be treated differently than a packet marked with discard-class 1.
Packets that match the specified discard-class value are treated differently from packets marked with other discard-class values. The discard-class is a matching criterion only, used in defining per hop behavior (PHB) for dropping traffic.
Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE
You must first enter the service-policytypeperformance-monitorinlinecommand.
Examples
The following example shows that packets in discard class 2 are matched:
Router(config)# class-map d-class-2
Router(config-cmap)# match discard-class 2
Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE
The following example shows how to use the policy inline configuration mode to configure a service policy for Performance Monitor. The policy specifies that packets traversing Ethernet interface 0/0 that match the criteria specified by discard-class 2 will be monitored based on the parameters specified in the flow monitor configuration namedfm-2:
Router(config)# interface ethernet 0/0 Router(config-if)# service-policy type performance-monitor inline input Router(config-if-spolicy-inline)# match discard-class 2 Router(config-if-spolicy-inline)# flow monitor fm-2 Router(config-if-spolicy-inline)# exit
match dscp
To identify one or more differentiated service code point (DSCP), Assured Forwarding (AF), and Certificate Server (CS) values as a match criterion, use the match dscp command in class-map configuration or policy inline configuration mode. To remove a specific DSCP value from a class map, use the no form of this command.
Syntax Description
Command Modes
class-map configuration (config-cmap)
policy inline configuration (config-if-spolicy-inline)
Command History
|
Release |
Modification |
|---|---|
|
12.2(13)T |
This command was introduced. This command replaces the match ip dscp command. |
|
12.0(28)S |
This command was integrated into Cisco IOS Release 12.0(28)S for support in IPv6. |
|
12.0(17)SL |
This command was integrated into Cisco IOS Release 12.0(17)SL and implemented on the Cisco 10000 series routers. |
|
12.2(31)SB |
This command was integrated into Cisco IOS Release 12.2(31)SB. |
|
Cisco IOS XE Release 2.1 |
This command was integrated into Cisco IOS XE Release 2.1 and implemented on Cisco ASR 1000 Series Routers. |
|
15.1(3)T |
This command was integrated into Cisco IOS Release 15.1(3)T for Cisco Performance Monitor. Support was added for policy inline configuration mode. |
|
12.2(58)SE |
This command was integrated into Cisco IOS Release 12.2(58)SE for Cisco Performance Monitor. |
Usage Guidelines
This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command.
Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE
You must first enter the service-policy type performance-monitor inline command.
DSCP Values
You must enter one or more differentiated service code point (DSCP) values. The command may include any combination of the following:
- Numbers (0 to 63) representing differentiated services code point values
- AF numbers (for example, af11) identifying specific AF DSCPs
- CS numbers (for example, cs1) identifying specific CS DSCPs
- default--Matches packets with the default DSCP.
- ef--Matches packets with EF DSCP.
For example, if you wanted the DCSP values of 0, 1, 2, 3, 4, 5, 6, or 7 (note that only one of the IP DSCP values must be a successful match criterion, not all of the specified DSCP values), enter the match dscp 01234567 command.
This command is used by the class map to identify a specific DSCP value marking on a packet. In this context, dscp-value arguments are used as markings only and have no mathematical significance. For instance, the dscp-value of 2 is not greater than 1. The value simply indicates that a packet marked with the dscp-value of 2 is different than a packet marked with the dscp-value of 1. The treatment of these marked packets is defined by the user through the setting of Quality of Service (QoS) policies in policy-map class configuration mode.
Match Packets on DSCP Values
To match DSCP values for IPv6 packets only, the match protocol ipv6 command must also be used. Without that command, the DSCP match defaults to match both IPv4 and IPv6 packets.
To match DSCP values for IPv4 packets only, use the ip keyword. Without the ip keyword the match occurs on both IPv4 and IPv6 packets. Alternatively, the match protocol ip command may be used with match dscp to classify only IPv4 packets.
After the DSCP bit is set, other QoS features can then operate on the bit settings.
The network can give priority (or some type of expedited handling) to marked traffic. Typically, you set the precedence value at the edge of the network (or administrative domain); data is then queued according to the precedence. Weighted fair queueing (WFQ) can speed up handling for high-precedence traffic at congestion points. Weighted Random Early Detection (WRED) can ensure that high-precedence traffic has lower loss rates than other traffic during times of congestion.
Cisco 10000 Series Routers
The Cisco 10000 series routers support DSCP matching of IPv4 packets only. You must include the ip keyword when specifying the DSCP values to use as match criterion.
You cannot use the set ip dscp command with the set ip precedence command to mark the same packet. DSCP and precedence values are mutually exclusive. A packet can have one value or the other, but not both.
Examples
The following example shows how to set multiple match criteria. In this case, two IP DSCP values and one AF value.
Router(config)# class-map map1 Router(config-cmap)# match dscp 1 2 af11
Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE
The following example shows how to use the policy inline configuration mode to configure a service policy for Performance Monitor. The policy specifies that packets traversing Ethernet interface 0/0 that match the criterion specified by DSCP value 2 will be monitored based on the parameters specified in the flow monitor configuration named fm-2:
Router(config)# interface ethernet 0/0 Router(config-if)# service-policy type performance-monitor inline input Router(config-if-spolicy-inline)# match dscp 2 Router(config-if-spolicy-inline)# flow monitor fm-2 Router(config-if-spolicy-inline)# end
Related Commands
|
Command |
Description |
|---|---|
|
class-map |
Creates a class map to be used for matching packets to a specified class. |
|
match protocol ip |
Matches DSCP values for packets. |
|
match protocol ipv6 |
Matches DSCP values for IPv6 packets. |
|
policy-map |
Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy. |
|
service-policy |
Attaches a policy map to an input interface or VC, or an output interface or VC, to be used as the service policy for that interface or VC. |
|
service-policy type performance-monitor |
Associates a Performance Monitor policy with an interface. |
|
set dscp |
Marks the DSCP value for packets within a traffic class. |
|
show class-map |
Displays all class maps and their matching criteria. |
match field
Note | Effective with Cisco IOS Release 15.2(4)M, the match field command is not available in Cisco IOS software. |
To configure the match criteria for a class map on the basis of the fields defined in the protocol header description files (PHDFs), use the match field command in class-map configuration mode. To remove the specified match criteria, use the no form of this command.
Syntax Description
|
protocol |
Name of protocol whose PHDF has been loaded onto a router. |
|
protocol field |
Match criteria is based upon the specified f ield within the loaded protocol. |
|
eq |
Match criteria is met if the packet is equal to the specified value or mask. |
|
neq |
Match criteria is met if the packet is not equal to the specified value or mask. |
|
mask mask |
(Optional) Can be used when the eq or the neq keywords are issued. |
|
gt |
Match criteria is met if the packet does not exceed the specified value. |
|
lt |
Match criteria is met if the packet is less than the specified value. |
|
range range |
Match criteria is based upon a lower and upper boundary protocol field range. |
|
regex string |
Match criteria is based upon a string that is to be matched. |
|
value |
Value for which the packet must be in accordance with. |
|
next next-protocol |
Specify the next protocol within the stack of protocols that is to be used as the match criteria. |
Command History
|
Release |
Modification |
|---|---|
|
12.4(4)T |
This command was introduced. |
|
12.2(18)ZY |
This command was integrated into Cisco IOS Release 12.2(18)ZY on the Catalyst 6500 series of switches equipped with the Programmable Intelligent Services Accelerator (PISA). |
|
Cisco IOS XE 2.2 |
This command was integrated into Cisco IOS XE Release 2.2. |
|
15.2(4)M |
This command was removed from the Cisco IOS software. |
Usage Guidelines
Before issuing the match-field command, you must load a PHDF onto the router via the load protocol command. Thereafter, you must first enter the class-map command to specify the name of the class whose match criteria you want to establish.
Match criteria are defined via a start point, offset, size, value to match, and mask. A match can be defined on a pattern with any protocol field.
Examples
The following example shows how to configure FPM for blaster packets. The class map contains the following match criteria: TCP port 135, 4444 or UDP port 69; and pattern 0x0030 at 3 bytes from start of IP header.
load protocol disk2:ip.phdf load protocol disk2:tcp.phdf load protocol disk2:udp.phdf class-map type stack match-all ip-tcp match field ip protocol eq 0x6 next tcp class-map type stack match-all ip-udp match field ip protocol eq 0x11 next udp class-map type access-control match-all blaster1 match field tcp dest-port eq 135 match start 13-start offset 3 size 2 eq 0x0030 class-map type access-control match-all blaster2 match field tcp dest-port eq 4444 match start 13-start offset 3 size 2 eq 0x0030 class-map type access-control match-all blaster3 match field udp dest-port eq 69 match start 13-start offset 3 size 2 eq 0x0030 policy-map type access-control fpm-tcp-policy class blaster1 drop class blaster2 drop policy-map type access-control fpm-udp-policy class blaster3 drop policy-map type access-control fpm-policy class ip-tcp service-policy fpm-tcp-policy class ip-udp service-policy fpm-udp-policy interface gigabitEthernet 0/1 service-policy type access-control input fpm-policy
match flow pdp
To specify a Packet Data Protocol (PDP) flow as a match criterion in a class map, use the matchflowpdp command in class-map configuration mode. To remove a PDP flow as a match criterion, use the no form of this command.
Command History
|
Release |
Modification |
|---|---|
|
12.3(8)XU |
This command was introduced. |
|
12.3(11)YJ |
This command was integrated into Cisco IOS Release 12.3(11)YJ. |
|
12.3(14)YQ |
This command was integrated into Cisco IOS Release 12.3(14)YQ. |
|
12.3(14)YU |
This command was integrated into Cisco IOS Release 12.3(14)YU. |
|
12.4(2)XB |
This command was integrated into Cisco IOS Release 12.4(2)XB. |
|
12.4(9)T |
This command was integrated into Cisco IOS Release 12.4(9)T. |
Usage Guidelines
The matchflowpdp command allows you to match and classify traffic on the basis of a PDP flow.
The matchflowpdp command is included with the Flow-Based QoS for GGSN feature available with Cisco IOS Release 12.4(9)T. The Flow-Based QoS for GGSN feature is designed specifically for the Gateway General Packet Radio Service (GPRS) Support Node (GGSN).
Per-PDP Policing
The Flow-Based QoS for GGSN feature includes per-PDP policing (session-based policing).
The matchflowpdp command (when used in conjunction with the class-map command, the policy-map command, the policeratepdp command, and the service-policy command) allows you to configure per-PDP policing (session-based policing) for downlink traffic on a GGSN.
Note the following points related to per-PDP policing:
- When using the class-map command to define a class map for PDP flow classification, do not use the match-anykeyword.
- Per-PDP policing functionality requires that you configure Universal Mobile Telecommunications System (UMTS) quality of service (QoS). For information on configuring UMTS QoS, see the "Configuring QoS on the GGSN" section of the Cisco GGSN Release 6.0 Configuration Guide , Cisco IOS Release 12.4(2)XB.
- The policy map created to configure per-PDP policing cannot contain multiple classes within which only the matchflowpdp command has been specified. In other words, if there are multiple classes in the policy map, the matchflowpdpcommand must be used in conjunction with another match statement (for example, matchprecedence) in at least one class.
For More Information
For more information about the GGSN, along with the instructions for configuring the Flow-Based QoS for GGSN feature, see the Cisco GGSN Release 6.0 Configuration Guide , Cisco IOS Release 12.4(2)XB.
Note | To configure the Flow-Based QoS for GGSN feature, follow the instructions in the section called " Configuring Per-PDP Policing ." |
For more information about the GGSN-specific commands, see the Cisco GGSN Release 6.0 Command Reference , Cisco IOS Release 12.4(2)XB.
Examples
The following example specifies PDP flows as the match criterion in a class map named "class-pdp":
class-map class-pdp match flow pdp
Related Commands
|
Command |
Description |
|---|---|
|
class-map |
Creates a class map to be used for matching packets to a specified class. |
|
match precedence |
Identifies IP precedence values as match criteria. |
|
police rate pdp |
Configures PDP traffic policing using the police rate. |
|
policy-map |
Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy. |
|
service-policy |
Attaches a policy map to an interface. |
match fr-dlci
To specify the Frame Relay data-link connection identifier (DLCI) number as a match criterion in a class map, use the matchfr-dlcicommand in class-map configuration or policy inline configuration mode. To remove a previously specified DLCI number as a match criterion, use the no form of this command.
Command Modes
Class-map configuration (config-cmap)
Policy inline configuration (config-if-spolicy-inline)
Command History
|
Release |
Modification |
|---|---|
|
12.2(13)T |
This command was introduced. |
|
12.2(28)SB |
This command was integrated into Cisco IOS Release 12.2(28)SB. |
|
15.1(3)T |
This command was integrated into Cisco IOS Release 15.1(3)T for Cisco Performance Monitor. Support was added for policy inline configuration mode. |
|
12.2(58)SE |
This command was integrated into Cisco IOS Release 12.2(58)SE for Cisco Performance Monitor. |
Usage Guidelines
This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command.
This match criterion can be used in main interfaces and point-to-multipoint subinterfaces in Frame Relay networks, and it can also be used in hierarchical policy maps.
Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE
You must first enter the service-policytypeperformance-monitorinlinecommand.
Examples
In the following example a class map named "class1" has been created and the Frame Relay DLCI number of 500 has been specified as a match criterion. Packets matching this criterion are placed in class1.
Router(config)# class-map class1 Router(config-cmap)# match fr-dlci 500
Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE
The following example shows how to use the policy inline configuration mode to configure a service policy for Performance Monitor. The policy specifies that packets traversing Ethernet interface 0/0 that match the Frame Relay DLCI number of 500 will be monitored based on the parameters specified in the flow monitor configuration namedfm-2:
Router(config)# interface ethernet 0/0 Router(config-if)# service-policy type performance-monitor inline input Router(config-if-spolicy-inline)# match fr-dlci 500 Router(config-if-spolicy-inline)# flow monitor fm-2 Router(config-if-spolicy-inline)# exit
Related Commands
|
Command |
Description |
|---|---|
|
class-map |
Creates a class map to be used for matching packets to a specified class. |
|
service-policy type performance-monitor |
Associates a Performance Monitor policy with an interface. |
|
show class-map |
Displays all class maps and their matching criteria. |
|
show policy-map interface |
Displays the packet statistics of all classes that are configured for all service policies either on the specified interface or subinterface or on a specific PVC on the interface. |
match input vlan
To configure a class map to match incoming packets that have a specific virtual local area network (VLAN) ID, use the matchinputvlancommand in class map configuration mode. To remove the matching of VLAN IDs, use the no form of this command.
Syntax Description
|
input-vlan-list |
One or more VLAN IDs to be matched. The valid range for VLAN IDs is from 1 to 4094, and the list of VLAN IDs can include one or all of the following:
|
Usage Guidelines
The matchinputvlan command allows you to create a class map that matches packets with one or more specific VLAN IDs, as they were received on the input (ingress) interface. This enables hierarchical Quality of Service (HQoS) for Ethernet over MPLS (EoMPLS) Virtual Circuits (VC), allowing parent and child relationships between QoS class maps and policy maps. This in turn enables service providers to easily classify and shape traffic for a particular EoMPLS network.
In EoMPLS applications, the parent class map typically specifies the maximum bandwidth for all of the VCs in a specific EoMPLS network. Then the child class maps perform other QoS operations, such as traffic shaping, on a subset of this traffic.
Do not confuse the matchinputvlan command with the matchvlan command, which is also a class-map configuration command.
- The matchvlan command matches the VLAN ID on packets for the particular interface at which the policy map is applied. Policy maps using the matchvlan command can be applied to either ingress or egress interfaces on the router, using the service-policy {input | output} command.
- The matchinputvlan command matches the VLAN ID that was on packets when they were received on the ingress interface on the router. Typically, policy maps using the matchinputvlan command are applied to egress interfaces on the router, using the service-policyoutput command.
The matchinputvlan command can also be confused with the matchinput-interfacevlan command, which matches packets being received on a logical VLAN interface that is used for inter-VLAN routing.
 Tip | Because class maps also support the matchinput-interface command, you cannot abbreviate the input keyword when giving the matchinputvlan command. |
Note | The matchinputvlan command cannot be used only on Layer 2 LAN ports on FlexWAN, Enhanced FlexWAN, and Optical Service Modules (OSM) line cards. |
The following restrictions apply when using the matchinputvlan command:
- You cannot attach a policy with matchinputvlan to an interface if you have already attached a service policy to a VLAN interface (a logical interface that has been created with the interfacevlan command).
- Class maps that use the matchinputvlan command support only the match-any option. You cannot use the match-all option in class maps that use the matchinputvlan command.
- If the parent class contains a class map with a matchinputvlan command, you cannot use a matchexp command in a child class map.
Examples
The following example creates a class map and policy map that matches packets with a VLAN ID of 1000. The policy map shapes this traffic to a committed information rate (CIR) value of 10 Mbps (10,000,000 bps). The final lines then apply this policy map to a specific gigabit Ethernet WAN interface.
Router# configure terminal Router(config)# class-map match-any vlan1000 Router(config-cmap)# match input vlan 1000 Router(config-cmap)# exit Router(config)# policy-map policy1000 Router(config-pmap)# class vlan1000 Router(config-pmap-c)# exit Router(config-pmap)# shape average 10000000 Router(config-pmap)# interface GE-WAN 3/0 Router(config-if)# service-policy output policy1000 Router(config-if)#
The following example shows a class map being configured to match VLAN IDs 100, 200, and 300:
Router# configure terminal Router(config)# class-map match-any hundreds Router(config-cmap)# match input vlan 100 200 300 Router(config-cmap)#
The following example shows a class map being configured to match all VLAN IDs from 2000 to 2999 inclusive:
Router# configure terminal Router(config)# class-map match-any vlan2000s Router(config-cmap)# match input vlan 2000-2999 Router(config-cmap)#
The following example shows a class map being configured to match both a range of VLAN IDs, as well as specific VLAN IDs:
Router# configure terminal Router(config)# class-map match-any misc Router(config-cmap)# match input vlan 1 5 10-99 2000-2499 Router(config-cmap)#
Related Commands
|
Command |
Description |
|---|---|
|
clear cef linecard |
Clears Cisco Express Forwarding (CEF) information on one or more line cards, but does not clear the CEF information on the main route processor (RP). This forces the line cards to synchronize their CEF information with the information that is on the RP. |
|
match qos-group |
Identifies a specified QoS group value as a match criterion. |
|
mls qos trust |
Sets the trusted state of an interface, to determine which incoming QoS field on a packet, if any, should be preserved. |
|
policy-map |
Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy. |
|
service-policy |
Attaches a policy map to an input interface or VC, or an output interface or VC, to be used as the service policy for that interface or VC. |
|
show policy-map |
Displays the configuration of all classes for a specified service policy map or all classes for all existing policy maps. |
|
show policy-map interface |
Displays the configuration of all classes configured for all service policies on the specified interface or displays the classes for the service policy for a specific PVC on the interface. |
|
show platform qos policy-map |
Displays the type and number of policy maps that are configured on the router. |
match input-interface
To configure a class map to use the specified input interface as a match criterion, use the match input-interface command in class-map configuration or policy inline configuration mode. To remove the input interface match criterion from a class map, use the no form of this command.
Command Modes
Class-map configuration (config-cmap)
Policy inline configuration (config-if-spolicy-inline)
Command History
|
Release |
Modification |
|---|---|
|
12.0(5)T |
This command was introduced. |
|
12.0(5)XE |
This command was integrated into Cisco IOS Release 12.0(5)XE. |
|
12.0(7)S |
This command was integrated into Cisco IOS Release 12.0(7)S. |
|
12.0(17)SL |
This command was enhanced to include matching on the input interface. |
|
12.1(1)E |
This command was integrated into Cisco IOS Release 12.1(1)E. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
|
12.2(31)SB |
This command was integrated into Cisco IOS Release 12.2(31)SB and implemented on the Cisco 10000 series routers. |
|
12.2SX |
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware. |
|
15.1(3)T |
This command was integrated into Cisco IOS Release 15.1(3)T for Cisco Performance Monitor. Support was added for policy inline configuration mode. |
|
12.2(58)SE |
This command was integrated into Cisco IOS Release 12.2(58)SE for Cisco Performance Monitor. |
Usage Guidelines
This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command.
Note | With CSCtx62310, the minimum string you must enter to uniquely identify this command is match input-. The device no longer accepts match input as an abbreviated version of this command. |
Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE
To enter policy inline configuration mode, you must first enter the service-policy type performance-monitor inline command.
Supported Platforms Other Than Cisco 10000 Series Routers
For class-based weighted fair queueing (CBWFQ), you define traffic classes based on match criteria including input interfaces, access control lists (ACLs), protocols, quality of service (QoS) labels, and experimental (EXP) field values. Packets satisfying the match criteria for a class constitute the traffic for that class.
The match input-interface command specifies the name of an input interface to be used as the match criterion against which packets are checked to determine if they belong to the class specified by the class map.
To use the match input-interface command, you must first enter the class-map command to specify the name of the class whose match criteria you want to establish. After you identify the class, you can use one of the following commands to configure its match criteria:
If you specify more than one command in a class map, only the last command entered applies. The last command overrides the previously entered commands.
Cisco 10000 Series Routers
For CBWFQ, you define traffic classes based on match criteria including input interfaces, ACLs, protocols, QoS labels, and EXP field values. Packets satisfying the match criteria for a class constitute the traffic for that class.
To use the match input-interface command, you must first enter the class-map command to specify the name of the class whose match criteria you want to establish.
Examples
The following example specifies a class map named ethernet1 and configures the input interface named ethernet1 to be used as the match criterion for this class:
Router(config)# class-map ethernet1 Router(config-cmap)# match input-interface ethernet1
Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE
The following example shows how to use the policy inline configuration mode to configure a service policy for Performance Monitor. The policy specifies that packets traversing Ethernet interface 0/0 that match the criteria of the input interface named ethernet1 will be monitored based on the parameters specified in the flow monitor configuration named fm-2:
Router(config)# interface ethernet 0/0 Router(config-if)# service-policy type performance-monitor inline input Router(config-if-spolicy-inline)# match input-interface ethernet 1 Router(config-if-spolicy-inline)# flow monitor fm-2 Router(config-if-spolicy-inline)# exit
Related Commands
|
Command |
Description |
|---|---|
|
class-map |
Creates a class map to be used for matching packets to a specified class. |
|
match access-group |
Configures the match criteria for a class map based on the specified ACL. |
|
match mpls experimental |
Configures a class map to use the specified EXP field value as a match criterion. |
|
match protocol |
Configures the match criteria for a class map on the basis of the specified protocol. |
|
service-policy type performance-monitor |
Associates a Performance Monitor policy with an interface. |
match ip rtp
To configure a class map to use the Real-Time Protocol (RTP) port as the match criterion, use the matchiprtpcommand in class-map configuration or policy inline configuration mode. To remove the RTP port match criterion, use the no form of this command.
Command Modes
Class-map configuration (config-cmap)
Policy inline configuration (config-if-spolicy-inline)
Command History
|
Release |
Modification |
|---|---|
|
12.1(2)T |
This command was introduced. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
|
12.2(31)SB |
This command was integrated into Cisco IOS Release 12.2(31)SB and implemented on the Cisco 10000 series routers. |
|
12.2SX |
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware. |
|
15.1(3)T |
This command was integrated into Cisco IOS Release 15.1(3)T for Cisco Performance Monitor. Support was added for policy inline configuration mode. |
|
12.2(58)SE |
This command was integrated into Cisco IOS Release 12.2(58)SE for Cisco Performance Monitor. |
Usage Guidelines
This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command.
This command is used to match IP RTP packets that fall within the specified port range. It matches packets destined to all even User Datagram Port (UDP) port numbers in the range from the starting port number argument to the starting port number plus the port range argument.
Use of an RTP port range as the match criterion is particularly effective for applications that use RTP, such as voice or video.
Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE
You must first enter the service-policytypeperformance-monitorinlinecommand.
Examples
The following example specifies a class map named ethernet1 and configures the RTP port number 2024 and range 1000 to be used as the match criteria for this class:
Router(config)# class-map ethernet1 Router(config-cmap)# match ip rtp 2024 1000
Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE
The following example shows how to use the policy inline configuration mode to configure a service policy for Performance Monitor. The policy specifies that packets traversing Ethernet interface 0/0 that match the criteria of RTP port number 2024 and range 1000 will be monitored based on the parameters specified in the flow monitor configuration namedfm-2:
Router(config)# interface ethernet 0/0 Router(config-if)# service-policy type performance-monitor inline input Router(config-if-spolicy-inline)# match ip rtp 2024 1000 Router(config-if-spolicy-inline)# flow monitor fm-2 Router(config-if-spolicy-inline)# exit
Related Commands
|
Command |
Description |
|---|---|
|
class-map |
Creates a class map to be used for matching packets to a specified class. |
|
service-policy type performance-monitor |
Associates a Performance Monitor policy with an interface. |
|
ip rtp priority |
Reserves a strict priority queue for a set of RTP packet flows belonging to a range of UDP destination ports. |
|
match access-group |
Configures the match criteria for a class map based on the specified ACL number. |
match mpls experimental
To configure a class map to use the specified value or values of the experimental (EXP) field as a match criteria, use the matchmplsexperimentalcommand in class-map configuration mode. To remove the EXP field match criteria from a class map, use the no form of this command.
Command History
|
Release |
Modification |
|---|---|
|
12.0(7)XE1 |
This command was introduced. |
|
12.1(1)E |
This command was integrated into Cisco IOS Release 12.1(1)E. |
|
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
|
12.2(4)T |
This command was implemented on the Cisco MGX 8850 switch and the MGX 8950 switch with a Cisco MGX RPM-PR card. |
|
12.2(4)T2 |
This command was implemented on the Cisco 7500 series. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
|
12.2(31)SB |
This command was integrated into Cisco IOS Release 12.2(31)SB and implemented on the Cisco 10000 series. |
|
12.2SX |
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware. |
Usage Guidelines
Supported Platforms Other Than the Cisco 10000 Series
For class-based weighted fair queueing (CBWFQ), you define traffic classes based on match criteria such as input interfaces, access control lists (ACLs), protocols, quality of service (QoS) labels, and experimental (EXP) field values. Packets satisfying the match criteria for a class constitute the traffic for that class.
The matchmplsexperimental command specifies the name of an EXP field value to be used as the match criterion against which packets are compared to determine if they belong to the class specified by the class map.
To use the matchmplsexperimental command, you must first enter the class-map command to specify the name of the class whose match criteria you want to establish. After you identify the class, you can use one of the following commands to configure its match criteria:
- match access-group
- match input-interface
- match mpls experimental
- match protocol
If you specify more than one command in a class map, only the last command entered applies. The last command overrides the previously entered commands.
Cisco 10000 Series
This command is available only on the ESR-PRE1 module.
For CBWFQ, you define traffic classes based on match criteria such as input interfaces, ACLs, protocols, QoS labels, and EXP field values. Packets satisfying the match criteria for a class constitute the traffic for that class.
To use the matchmplsexperimental command, you must first enter the class-map command to specify the name of the class whose match criteria you want to establish.
Examples
The following example specifies a class map called ethernet1 and configures the Multiprotocol Label Switching (MPLS) experimental values of 1 and 2 to be used as the match criteria for this class:
Router(config)# class-map ethernet1 Router(config-cmap)# match mpls experimental 1 2
Related Commands
|
Command |
Description |
|---|---|
|
class-map |
Creates a class map to be used for matching packets to a specified class. |
|
match access-group |
Configures the match criteria for a class map based on the specified ACL. |
|
match input-interface |
Configures a class map to use the specified input interface as a match criterion. |
|
match mpls experimental topmost |
Matches the EXP value in the topmost label. |
|
match protocol |
Matches traffic by a particular protocol. |
|
match qos-group |
Configures the match criteria for a class map based on the specified protocol. |
match mpls experimental topmost
To match the experimental (EXP) value in the topmost label header, use the matchmplsexperimentaltopmostcommand in class-map configuration or policy inline configuration mode. To remove the EXP match criterion, use the no form of this command.
Command Modes
Class-map configuration (config-cmap)
Policy inline configuration (config-if-spolicy-inline)
Command History
|
Release |
Modification |
|---|---|
|
12.2(13)T |
This command was introduced. |
|
12.2(31)SB |
This command was integrated into Cisco IOS Release 12.2(31)SB. |
|
Cisco IOS XE Release 2.3 |
This command was integrated into Cisco IOS XE Release 2.3. |
|
15.1(3)T |
This command was integrated into Cisco IOS Release 15.1(3)T for Cisco Performance Monitor. Support was added for policy inline configuration mode. |
|
12.2(58)SE |
This command was integrated into Cisco IOS Release 12.2(58)SE for Cisco Performance Monitor. |
|
12.2(33)SCF |
This command was integrated into Cisco IOS Release 12.2(33)SCF. |
Usage Guidelines
This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command.
You can enter this command on the input interfaces and the output interfaces. It will match only on MPLS packets.
Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE
You must first enter the service-policytypeperformance-monitorinlinecommand.
Examples
The following example shows that the EXP value 3 in the topmost label header is matched:
Router(config)# class-map mpls exp Router(config-cmap)# match mpls experimental topmost 3
Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE
The following example shows how to use the policy inline configuration mode to configure a service policy for Performance Monitor. The policy specifies that packets traversing Ethernet interface 0/0 that match the criteria of a EXP value of 3 in the topmost label header will be monitored based on the parameters specified in the flow monitor configuration namedfm-2:
Router(config)# interface ethernet 0/0 Router(config-if)# service-policy type performance-monitor inline input Router(config-if-spolicy-inline)# match mpls experimental topmost 3 Router(config-if-spolicy-inline)# flow monitor fm-2 Router(config-if-spolicy-inline)# exit
Related Commands
|
Command |
Description |
|---|---|
|
class-map |
Creates a class map to be used for matching packets to a specified class. |
|
service-policy type performance-monitor |
Associates a Performance Monitor policy with an interface. |
|
set mpls experimental topmost |
Sets the MPLS EXP field value in the topmost MPLS label header at the input or output interfaces. |
match not
To specify the single match criterion value to use as an unsuccessful match criterion, use the matchnotcommand inclass-map configuration or policy inline configuration mode. To remove a previously specified source value to not use as a match criterion, use the noform of this command.
Command Modes
Class-map configuration (config-cmap)
Policy inline configuration (config-if-spolicy-inline)
Command History
|
Release |
Modification |
|---|---|
|
12.0(5)XE |
This command was introduced. |
|
12.0(5)T |
This command was integrated into Cisco IOS Release 12.0(5)T. |
|
12.1(1)E |
This command was integrated into Cisco IOS Release 12.1(1)E. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
|
12.2(31)SB |
This command was integrated into Cisco IOS Release 12.2(31)SB and implemented on the Cisco 10000 series routers. |
|
12.2SX |
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware. |
|
15.1(3)T |
This command was integrated into Cisco IOS Release 15.1(3)T for Cisco Performance Monitor. Support was added for policy inline configuration mode. |
|
12.2(58)SE |
This command was integrated into Cisco IOS Release 12.2(58)SE for Cisco Performance Monitor. |
Usage Guidelines
This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command.
The matchnotcommand is used to specify a quality of service (QoS) policy value that is not used as a match criterion. When thematchnot command is used, all other values of that QoS policy become successful match criteria.
For instance, if the matchnotqos-group4 command is issued in QoS class-map configuration mode, the specified class will accept all QoS group values except 4 as successful match criteria.
Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE
You must first enter the service-policytypeperformance-monitorinlinecommand.
Examples
In the following traffic class, all protocols except IP are considered successful match criteria:
Router(config)# class-map noip Router(config-cmap)# match not protocol ip
Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE
The following example shows how to use the policy inline configuration mode to configure a service policy for Performance Monitor. The policy specifies that packets traversing Ethernet interface 0/0 for all protocols except IP will be monitored based on the parameters specified in the flow monitor configuration namedfm-2:
Router(config)# interface ethernet 0/0 Router(config-if)# service-policy type performance-monitor inline input Router(config-if-spolicy-inline)# match not protocol ip Router(config-if-spolicy-inline)# flow monitor fm-2 Router(config-if-spolicy-inline)# exit
match packet length (class-map)
To specify the Layer 3 packet length in the IP header as a match criterion in a class map, use the matchpacketlength command in class-map configuration or policy inline configuration mode. To remove a previously specified Layer 3 packet length as a match criterion, use the no form of this command.
Syntax Description
|
max |
Indicates that a maximum value for the Layer 3 packet length is to be specified. |
|
maximum-length-value |
Maximum length value of the Layer 3 packet length, in bytes. The range is from 1 to 2000. |
|
min |
Indicates that a minimum value for the Layer 3 packet length is to be specified. |
|
minimum-length-value |
Minimum length value of the Layer 3 packet length, in bytes. The range is from 1 to 2000. |
Command Modes
Class-map configuration (config-cmap)
Policy inline configuration (config-if-spolicy-inline)
Command History
|
Release |
Modification |
|---|---|
|
12.2(13)T |
This command was introduced. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
|
Cisco IOS XE Release 2.2 |
This command was integrated into Cisco IOS XE Release 2.2 and implemented on the Cisco ASR 1000 Series Routers. |
|
15.1(3)T |
This command was integrated into Cisco IOS Release 15.1(3)T for Cisco Performance Monitor. Support was added for policy inline configuration mode. |
|
12.2(58)SE |
This command was integrated into Cisco IOS Release 12.2(58)SE for Cisco Performance Monitor. |
Usage Guidelines
This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command.
This command considers only the Layer 3 packet length in the IP header. It does not consider the Layer 2 packet length in the IP header.
When using this command, you must at least specify the maximum or minimum value. However, you do have the option of entering both values.
If only the minimum value is specified, a packet with a Layer 3 length greater than the minimum is viewed as matching the criterion.
If only the maximum value is specified, a packet with a Layer 3 length less than the maximum is viewed as matching the criterion.
Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE
You must first enter the service-policytypeperformance-monitorinlinecommand.
Examples
In the following example a class map named "class 1" has been created, and the Layer 3 packet length has been specified as a match criterion. In this example, packets with a minimum Layer 3 packet length of 100 bytes and a maximum Layer 3 packet length of 300 bytes are viewed as meeting the match criteria.
Router(config)# class-map match-all class1 Router(config-cmap)# match packet length min 100 max 300
Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE
The following example shows how to use the policy inline configuration mode to configure a service policy for Performance Monitor. The policy specifies that packets traversing Ethernet interface 0/0 that match the criteria of a minimum Layer 3 packet length of 100 bytes and a maximum Layer 3 packet length of 300 bytes will be monitored based on the parameters specified in the flow monitor configuration namedfm-2:
Router(config)# interface ethernet 0/0 Router(config-if)# service-policy type performance-monitor inline input Router(config-if-spolicy-inline)# match packet length min 100 max 300 Router(config-if-spolicy-inline)# flow monitor fm-2 Router(config-if-spolicy-inline)# exit
Related Commands
|
Command |
Description |
|---|---|
|
class-map |
Creates a class map to be used for matching packets to a specified class. |
|
service-policy type performance-monitor |
Associates a Performance Monitor policy with an interface. |
|
show class-map |
Displays all class maps and their matching criteria. |
|
show policy-map interface |
Displays the packet statistics of all classes that are configured for all service policies either on the specified interface or subinterface or on a specific PVC on the interface. |
match port-type
To match the access policy on the basis of the port for a class map, use the matchport-type command in class-map configuration mode. To delete the port type, use the no form of this command.
Usage Guidelines
This command is used because, on the basis of the port on which a user is connecting, the access policies that are applied to it can be different.
match precedence
To identify IP precedence values to use as the match criterion, use the matchprecedence command in class-map configuration or policy inline configuration mode. To remove IP precedence values from a class map, use the no form of this command.
Syntax Description
|
ip |
(Optional) Specifies that the match is for IPv4 packets only. If not used, the match is on both IPv4 and IPv6 packets.
|
||
|
precedence-criteria1 precedence-criteria2 precedence-criteria3 precedence-criteria4 |
Identifies the precedence value. You can enter up to four different values, separated by a space. See the "Usage Guidelines" section for valid values. |
Command Modes
class-map configuration (config-cmap)
policy inline configuration (config-if-spolicy-inline)
Command History
|
Release |
Modification |
|---|---|
|
12.2(13)T |
This command was introduced. This command replaces the matchipprecedence command. |
|
12.0(17)SL |
This command was integrated into Cisco IOS Release 12.0(17)SL and implemented on the Cisco 10000 series routers. |
|
12.0(28)S |
This command was integrated into Cisco IOS Release 12.0(28)S for IPv6. |
|
12.2(31)SB |
This command was integrated into Cisco IOS Release 12.2(31)SB. |
|
15.1(3)T |
This command was integrated into Cisco IOS Release 15.1(3)T for Cisco Performance Monitor. Support was added for policy inline configuration mode. |
|
12.2(58)SE |
This command was integrated into Cisco IOS Release 12.2(58)SE for Cisco Performance Monitor. |
|
Cisco IOS XE Release 3.6 |
This command was implemented on the Cisco ASR 903 Router. |
|
15.1(2)SNG |
This command was integrated into Cisco IOS Release 15.1(2)SNG for Cisco ASR 901 Routers. |
Usage Guidelines
This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command.
You can enter up to four matching criteria, a number abbreviation (0 to 7) or criteria names (critical, flash, and so on), in a single match statement. For example, if you wanted the precedence values of 0, 1, 2, or 3 (note that only one of the precedence values must be a successful match criterion, not all of the specified precedence values), enter the matchipprecedence0123command. The precedence-criteria numbers are not mathematically significant; that is, the precedence-criteria of 2 is not greater than 1. The way that these different packets are treated depends upon quality of service (QoS) policies, set in policy-map configuration mode.
You can configure a QoS policy to include IP precedence marking for packets entering the network. Devices within your network can then use the newly marked IP precedence values to determine how to treat the packets. For example, class-based weighted random early detection (WRED) uses IP precedence values to determine the probability that a packet is dropped. You can also mark voice packets with a particular precedence. You can then configure low-latency queueing (LLQ) to place all packets of that precedence into the priority queue.
Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE
You must first enter the service-policytypeperformance-monitorinline command.
Matching Precedence for IPv6 and IPv4 Packets on the Cisco 7600 and 10000 and Series Routers
On the Cisco 7600 series and 10000 series routers, you set matching criteria based on precedence values for only IPv6 packets using the matchprotocolcommand with the ipv6 keyword. Without that keyword, the precedence match defaults to match both IPv4 and IPv6 packets. You set matching criteria based on precedence values for IPv4 packets only using the ip keyword. Without the ip keyword the match occurs on both IPv4 and IPv6 packets.
Precedence Values and Names
The following table lists all criteria conditions by value, name, binary value, and recommended use. You may enter up to four criteria, each separated by a space. Only one of the precedence values must be a successful match criterion. The table below lists the IP precedence values.
| Table 1 | IP Precedence Values |
|
Precedence Value |
Precedence Name |
Binary Value |
Recommended Use |
|---|---|---|---|
|
0 |
routine |
000 |
Default marking value |
|
1 |
priority |
001 |
Data applications |
|
2 |
immediate |
010 |
Data applications |
|
3 |
flash |
011 |
Call signaling |
|
4 |
flash-override |
100 |
Video conferencing and streaming video |
|
5 |
critical |
101 |
Voice |
|
6 |
internet (control) |
110 |
Network control traffic (such as routing, which is typically precedence 6) |
|
7 |
network (control) |
111 |
Do not use IP precedence 6 or 7 to mark packets, unless you are marking control packets.
IPv4-Specific Traffic Match
The following example shows how to configure the service policy named priority50 and attach service policy priority50 to an interface, matching for IPv4 traffic only. In a network where both IPv4 and IPv6 are running, you might find it necessary to distinguish between the protocols for matching and traffic segregation. In this example, the class map named ipprec5 will evaluate all IPv4 packets entering Fast Ethernet interface 1/0/0 for a precedence value of 5. If the incoming IPv4 packet has been marked with the precedence value of 5, the packet will be treated as priority traffic and will be allocated with bandwidth of 50 kbps.
Router(config)# class-map ipprec5 Router(config-cmap)# match ip precedence 5 Router(config)# exit Router(config)# policy-map priority50 Router(config-pmap)# class ipprec5 Router(config-pmap-c)# priority 50 Router(config-pmap-c)# exit Router(config-pmap)# exit Router(config)# interface fa1/0/0 Router(config-if)# service-policy input priority50
IPv6-Specific Traffic Match
The following example shows the same service policy matching on precedence for IPv6 traffic only. Notice that the match protocol command with the ipv6 keyword precedes the match precedence command. The match protocol command is required to perform matches on IPv6 traffic alone.
Router(config)# class-map ipprec5 Router(config-cmap)# match protocol ipv6 Router(config-cmap)# match precedence 5 Router(config)# exit Router(config)# policy-map priority50 Router(config-pmap)# class ipprec5 Router(config-pmap-c)# priority 50 Router(config-pmap-c)# exit Router(config-pmap)# exit Router(config)# interface fa1/0/0 Router(config-if)# service-policy input priority50
Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE
The following example shows how to use policy inline configuration mode to configure a service policy for Performance Monitor. The policy specifies that packets traversing Ethernet interface 0/0 that match the criterion of a match precedence of 4 will be monitored based on the parameters specified in the flow monitor configuration named fm-2:
Router(config)# interface ethernet 0/0 Router(config-if)# service-policy type performance-monitor inline input Router(config-if-spolicy-inline)# match precedence 4 Router(config-if-spolicy-inline)# flow monitor fm-2 Router(config-if-spolicy-inline)# end
Related Commands
|
Command |
Description |
|---|---|
|
class-map |
Creates a class map to be used for matching packets to a specified class. |
|
match protocol |
Configures the match criteria for a class map on the basis of a specified protocol. |
|
policy-map |
Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy. |
|
service-policy |
Attaches a policy map to an input interface or VC, or an output interface or VC, to be used as the service policy for that interface or VC. |
|
service-policy type performance-monitor |
Associates a Performance Monitor policy with an interface. |
|
set ip precedence |
Sets the precedence value in the IP header. |
|
show class-map |
Displays all class maps and their matching criteria, or a specified class map and its matching criteria. |
match protocol
To configure the match criterion for a class map on the basis of a specified protocol, use the matchprotocol command in class-map configuration or policy inline configuration mode. To remove the protocol-based match criterion from the class map, use the no form of this command.
Command Modes
Class-map configuration (config-cmap)
Policy inline configuration (config-if-spolicy-inline)
Command History
|
Release |
Modification |
|---|---|
|
12.0(5)T |
This command was introduced. |
|
12.0(5)XE |
This command was integrated into Cisco IOS Release 12.0(5)XE. |
|
12.0(7)S |
This command was integrated into Cisco IOS Release 12.0(7)S. |
|
12.1(1)E |
This command was integrated into Cisco IOS Release 12.1(1)E. |
|
12.1(13)E |
This command was integrated into Cisco IOS Release 12.1(13)E and implemented on Catalyst 6000 family switches without FlexWAN modules. |
|
12.2(8)T |
This command was integrated into Cisco IOS Release 12.2(8)T. |
|
12.2(13)T |
This command was modified to remove apollo, vines, and xns from the list of protocols used as matching criteria. These protocols were removed because Apollo Domain, Banyan VINES, and Xerox Network Systems (XNS) were removed in this release. The IPv6 protocol was added to support matching on IPv6 packets. |
|
12.0(28)S |
This command was integrated into Cisco IOS Release 12.0(28)S for IPv6. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(17a)SX1 |
This command was integrated into Cisco IOS Release 12.2(17a)SX1. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE and implemented on the Supervisor Engine 720. |
|
12.4(6)T |
This command was modified. The Napster protocol was removed because it is no longer supported. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
|
12.2(31)SB2 |
This command was integrated into Cisco IOS Release 12.2(31)SB2 and implemented on the Cisco 10000 series routers. |
|
12.2(18)ZY |
This command was integrated into Cisco IOS Release 12.2(18)ZY. This command was modified to enhance Network-Based Application Recognition (NBAR) functionality on the Catalyst 6500 series switch that is equipped with the Supervisor 32/programmable intelligent services accelerator (PISA) engine. |
|
12.4(15)XZ |
This command was integrated into Cisco IOS Release 12.4(15)XZ. |
|
12.4(20)T |
This command was integrated into Cisco IOS Release 12.4(20)T and implemented on the Cisco 1700, Cisco 1800, Cisco 2600, Cisco 2800, Cisco 3700, Cisco 3800, Cisco 7200, and Cisco 7300 series routers. |
|
Cisco IOS XE Release 2.2 |
This command was integrated into Cisco IOS XE Release 2.2 and implemented on the Cisco ASR 1000 Series Routers. |
|
Cisco IOS XE Release 3.1S |
This command was modified. Support for more protocols was added. |
|
15.1(3)T |
This command was integrated into Cisco IOS Release 15.1(3)T for Cisco Performance Monitor. Support was added for policy inline configuration mode. |
|
12.2(58)SE |
This command was integrated into Cisco IOS Release 12.2(58)SE for Cisco Performance Monitor. |
Usage Guidelines
This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command.
Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE
You must first enter the service-policytypeperformance-monitorinlinecommand.
Supported Platforms Other Than Cisco 7600 Routers and Cisco 10000 Series Routers
For class-based weighted fair queueing (CBWFQ), you define traffic classes based on match criteria protocols, access control lists (ACLs), input interfaces, quality of service (QoS) labels, and Experimental (EXP) field values. Packets satisfying the match criteria for a class constitute the traffic for that class.
The matchprotocol command specifies the name of a protocol to be used as the match criteria against which packets are checked to determine if they belong to the class specified by the class map.
The matchprotocolipx command matches packets in the output direction only.
To use the matchprotocol command, you must first enter the class-map command to specify the name of the class whose match criteria you want to establish. After you identify the class, you can use one of the following commands to configure its match criteria:
If you specify more than one command in a class map, only the last command entered applies. The last command overrides the previously entered commands.
To configure NBAR to match protocol types that are supported by NBAR traffic, use the matchprotocol(NBAR)command.
Cisco 7600 Series Routers
The matchprotocol command in QoS class-map configuration configures NBAR and sends all traffic on the port, both ingress and egress, to be processed in the software on the Multilayer Switch Feature Card 2 (MSFC2).
For CBWFQ, you define traffic classes based on match criteria like protocols, ACLs, input interfaces, QoS labels, and Multiprotocol Label Switching (MPLS) EXP field values. Packets satisfying the match criteria for a class constitute the traffic for that class.
The matchprotocolcommand specifies the name of a protocol to be used as the match criteria against which packets are checked to determine if they belong to the class specified by the class map.
If you want to use the matchprotocolcommand, you must first enter the class-map command to specify the name of the class to which you want to establish the match criteria.
If you specify more than one command in a class map, only the last command entered applies. The last command overrides the previously entered commands.
This command can be used to match protocols that are known to the NBAR feature. For a list of protocols supported by NBAR, see the "Classification" part of the Cisco IOS Quality of Service Solutions Configuration Guide.
Cisco 10000 Series Routers
For CBWFQ, you define traffic classes based on match criteria including protocols, ACLs, input interfaces, QoS labels, and EXP field values. Packets satisfying the match criteria for a class constitute the traffic for that class.
The matchprotocol command specifies the name of a protocol to be used as the match criteria against which packets are checked to determine if they belong to the class specified by the class map.
The matchprotocolipx command matches packets in the output direction only.
To use the matchprotocol command, you must first enter the class-map command to specify the name of the class whose match criteria you want to establish.
If you are matching NBAR protocols, use the matchprotocol(NBAR) command.
Match Protocol Command Restrictions (Catalyst 6500 Series Switches Only)
Policy maps contain traffic classes. Traffic classes contain one or more match commands that can be used to match packets (and organize them into groups) on the basis of a protocol type or application. You can create as many traffic classes as needed.
Cisco IOS Release 12.2(18)ZY includes software intended for use on the Catalyst 6500 series switch that is equipped with a Supervisor 32/PISA engine. For this release and platform, note the following restrictions for using policy maps and matchprotocol commands:
- A single traffic class can be configured to match a maximum of 8 protocols or applications.
- Multiple traffic classes can be configured to match a cumulative maximum of 95 protocols or applications.
Supported Protocols
The table below lists the protocols supported by most routers. Some routers support a few additional protocols. For example, the Cisco 7600 router supports the AARP and DECnet protocols, while the Cisco 7200 router supports the directconnect and PPPOE protocols. For a complete list of supported protocols, see the online help for the matchprotocol command on the router that you are using.
| Table 2 | Supported Protocols |
|
Protocol Name |
Description |
|---|---|
|
802-11-iapp |
IEEE 802.11 Wireless Local Area Networks Working Group Internet Access Point Protocol |
|
ace-svr |
ACE Server/Propagation |
|
aol |
America-Online Instant Messenger |
|
appleqtc |
Apple QuickTime |
|
arp * |
IP Address Resolution Protocol (ARP) |
|
bgp |
Border Gateway Protocol |
|
biff |
Biff mail notification |
|
bootpc |
Bootstrap Protocol Client |
|
bootps |
Bootstrap Protocol Server |
|
bridge * |
bridging |
|
cddbp |
CD Database Protocol |
|
cdp * |
Cisco Discovery Protocol |
|
cifs |
CIFS |
|
cisco-fna |
Cisco FNATIVE |
|
cisco-net-mgmt |
cisco-net-mgmt |
|
cisco-svcs |
Cisco license/perf/GDP/X.25/ident svcs |
|
cisco-sys |
Cisco SYSMAINT |
|
cisco-tdp |
cisco-tdp |
|
cisco-tna |
Cisco TNATIVE |
|
citrix |
Citrix Systems Metaframe |
|
citriximaclient |
Citrix IMA Client |
|
clns * |
ISO Connectionless Network Service |
|
clns_es * |
ISO CLNS End System |
|
clns_is * |
ISO CLNS Intermediate System |
|
clp |
Cisco Line Protocol |
|
cmns * |
ISO Connection-Mode Network Service |
|
cmp |
Cluster Membership Protocol |
|
compressedtcp * |
Compressed TCP |
|
creativepartnr |
Creative Partner |
|
creativeserver |
Creative Server |
|
cuseeme |
CU-SeeMe desktop video conference |
|
daytime |
Daytime (RFC 867) |
|
dbase |
dBASE Unix |
|
dbcontrol_agent |
Oracle Database Control Agent |
|
ddns-v3 |
Dynamic DNS Version 3 |
|
dhcp |
Dynamic Host Configuration |
|
dhcp-failover |
DHCP Failover |
|
directconnect |
Direct Connect |
|
discard |
Discard port |
|
dns |
Domain Name Server lookup |
|
dnsix |
DNSIX Security Attribute Token Map |
|
echo |
Echo port |
|
edonkey |
eDonkey |
|
egp |
Exterior Gateway Protocol |
|
eigrp |
Enhanced Interior Gateway Routing Protocol |
|
entrust-svc-handler |
Entrust KM/Admin Service Handler |
|
entrust-svcs |
Entrust sps/aaas/aams |
|
exec |
Remote Process Execution |
|
exchange |
Microsoft RPC for Exchange |
|
fasttrack |
FastTrack Traffic (KaZaA, Morpheus, Grokster, and so on) |
|
fcip-port |
FCIP |
|
finger |
Finger |
|
ftp |
File Transfer Protocol |
|
ftps |
FTP over TLS/SSL |
|
gdoi |
Group Domain of Interpretation |
|
giop |
Oracle GIOP/SSL |
|
gnutella |
Gnutella Version 2 Traffic (BearShare, Shareeza, Morpheus, and so on) |
|
gopher |
Gopher |
|
gre |
Generic Routing Encapsulation |
|
gtpv0 |
GPRS Tunneling Protocol Version 0 |
|
gtpv1 |
GPRS Tunneling Protocol Version 1 |
|
h225ras |
H225 RAS over Unicast |
|
h323 |
H323 Protocol |
|
h323callsigalt |
H323 Call Signal Alternate |
|
hp-alarm-mgr |
HP Performance data alarm manager |
|
hp-collector |
HP Performance data collector |
|
hp-managed-node |
HP Performance data managed node |
|
hsrp |
Hot Standby Router Protocol |
|
http |
Hypertext Transfer Protocol |
|
https |
Secure Hypertext Transfer Protocol |
|
ica |
ica (Citrix) |
|
icabrowser |
icabrowser (Citrix) |
|
icmp |
Internet Control Message Protocol |
|
ident |
Authentication Service |
|
igmpv3lite |
IGMP over UDP for SSM |
|
imap |
Internet Message Access Protocol |
|
imap3 |
Interactive Mail Access Protocol 3 |
|
imaps |
IMAP over TLS/SSL |
|
ip * |
IP (version 4) |
|
ipass |
IPASS |
|
ipinip |
IP in IP (encapsulation) |
|
ipsec |
IP Security Protocol (ESP/AH) |
|
ipsec-msft |
Microsoft IPsec NAT-T |
|
ipv6 * |
IP (version 6) |
|
ipx |
IPX |
|
irc |
Internet Relay Chat |
|
irc-serv |
IRC-SERV |
|
ircs |
IRC over TLS/SSL |
|
ircu |
IRCU |
|
isakmp |
ISAKMP |
|
iscsi |
iSCSI |
|
iscsi-target |
iSCSI port |
|
kazaa2 |
Kazaa Version 2 |
|
kerberos |
Kerberos |
|
l2tp |
Layer 2 Tunnel Protocol |
|
ldap |
Lightweight Directory Access Protocol |
|
ldap-admin |
LDAP admin server port |
|
ldaps |
LDAP over TLS/SSL |
|
llc2 * |
llc2 |
|
login |
Remote login |
|
lotusmtap |
Lotus Mail Tracking Agent Protocol |
|
lotusnote |
Lotus Notes |
|
mgcp |
Media Gateway Control Protocol |
|
microsoft-ds |
Microsoft-DS |
|
msexch-routing |
Microsoft Exchange Routing |
|
msnmsgr |
MSN Instant Messenger |
|
msrpc |
Microsoft Remote Procedure Call |
|
msrpc-smb-netbios |
MSRPC over TCP port 445 |
|
ms-cluster-net |
MS Cluster Net |
|
ms-dotnetster |
Microsoft .NETster Port |
|
ms-sna |
Microsoft SNA Server/Base |
|
ms-sql |
Microsoft SQL |
|
ms-sql-m |
Microsoft SQL Monitor |
|
mysql |
MySQL |
|
n2h2server |
N2H2 Filter Service Port |
|
ncp |
NCP (Novell) |
|
net8-cman |
Oracle Net8 Cman/Admin |
|
netbios |
Network Basic Input/Output System |
|
netbios-dgm |
NETBIOS Datagram Service |
|
netbios-ns |
NETBIOS Name Service |
|
netbios-ssn |
NETBIOS Session Service |
|
netshow |
Microsoft Netshow |
|
netstat |
Variant of systat |
|
nfs |
Network File System |
|
nntp |
Network News Transfer Protocol |
|
novadigm |
Novadigm Enterprise Desktop Manager (EDM) |
|
ntp |
Network Time Protocol |
|
oem-agent |
OEM Agent (Oracle) |
|
oracle |
Oracle |
|
oracle-em-vp |
Oracle EM/VP |
|
oraclenames |
Oracle Names |
|
orasrv |
Oracle SQL*Net v1/v2 |
|
ospf |
Open Shortest Path First |
|
pad * |
Packet assembler/disassembler (PAD) links |
|
pcanywhere |
Symantec pcANYWHERE |
|
pcanywheredata |
pcANYWHEREdata |
|
pcanywherestat |
pcANYWHEREstat |
|
pop3 |
Post Office Protocol |
|
pop3s |
POP3 over TLS/SSL |
|
pppoe |
Point-to-Point Protocol over Ethernet |
|
pptp |
Point-to-Point Tunneling Protocol |
|
printer |
Print spooler/ldp |
|
pwdgen |
Password Generator Protocol |
|
qmtp |
Quick Mail Transfer Protocol |
|
radius |
RADIUS & Accounting |
|
rcmd |
Berkeley Software Distribution (BSD) r-commands (rsh, rlogin, rexec) |
|
rdb-dbs-disp |
Oracle RDB |
|
realmedia |
RealNetwork's Realmedia Protocol |
|
realsecure |
ISS Real Secure Console Service Port |
|
rip |
Routing Information Protocol |
|
router |
Local Routing Process |
|
rsrb * |
Remote Source-Route Bridging |
|
rsvd |
RSVD |
|
rsvp |
Resource Reservation Protocol |
|
rsvp-encap |
RSVP ENCAPSULATION-1/2 |
|
rsvp_tunnel |
RSVP Tunnel |
|
rtc-pm-port |
Oracle RTC-PM port |
|
rtelnet |
Remote Telnet Service |
|
rtp |
Real-Time Protocol |
|
rtsp |
Real-Time Streaming Protocol |
|
r-winsock |
remote-winsock |
|
secure-ftp |
FTP over Transport Layer Security/Secure Sockets Layer (TLS/SSL) |
|
secure-http |
Secured HTTP |
|
secure-imap |
Internet Message Access Protocol over TLS/SSL |
|
secure-irc |
Internet Relay Chat over TLS/SSL |
|
secure-ldap |
Lightweight Directory Access Protocol over TLS/SSL |
|
secure-nntp |
Network News Transfer Protocol over TLS/SSL |
|
secure-pop3 |
Post Office Protocol over TLS/SSL |
|
secure-telnet |
Telnet over TLS/SSL |
|
send |
SEND |
|
shell |
Remote command |
|
sip |
Session Initiation Protocol |
|
sip-tls |
Session Initiation Protocol-Transport Layer Security |
|
skinny |
Skinny Client Control Protocol |
|
sms |
SMS RCINFO/XFER/CHAT |
|
smtp |
Simple Mail Transfer Protocol |
|
snapshot |
Snapshot routing support |
|
snmp |
Simple Network Protocol |
|
snmptrap |
SNMP Trap |
|
socks |
Sockets network proxy protocol (SOCKS) |
|
sqlnet |
Structured Query Language (SQL)*NET for Oracle |
|
sqlserv |
SQL Services |
|
sqlsrv |
SQL Service |
|
sqlserver |
Microsoft SQL Server |
|
ssh |
Secure shell |
|
sshell |
SSLshell |
|
ssp |
State Sync Protocol |
|
streamwork |
Xing Technology StreamWorks player |
|
stun |
cisco Serial Tunnel |
|
sunrpc |
Sun remote-procedure call (RPC) |
|
syslog |
System Logging Utility |
|
syslog-conn |
Reliable Syslog Service |
|
tacacs |
Login Host Protocol (TACACS) |
|
tacacs-ds |
TACACS-Database Service |
|
tarantella |
Tarantella |
|
tcp |
Transport Control Protocol |
|
telnet |
Telnet |
|
telnets |
Telnet over TLS/SSL |
|
tftp |
Trivial File Transfer Protocol |
|
time |
Time |
|
timed |
Time server |
|
tr-rsrb |
cisco RSRB |
|
tto |
Oracle TTC/SSL |
|
udp |
User Datagram Protocol |
|
uucp |
UUCPD/UUCP-RLOGIN |
|
vdolive |
VDOLive streaming video |
|
vofr * |
Voice over Frame Relay |
|
vqp |
VLAN Query Protocol |
|
webster |
Network Dictionary |
|
who |
Who's service |
|
wins |
Microsoft WINS |
|
x11 |
X Window System |
|
xdmcp |
XDM Control Protocol |
|
xwindows * |
X-Windows remote access |
|
ymsgr |
Yahoo! Instant Messenger |
* This protocol is not supported on the Catalyst 6500 series switch that is equipped with a Supervisor 32/PISA engine.
Examples
The following example specifies a class map named ftp and configures the FTP protocol as a match criterion:
Router(config)# class-map ftp Router(config-cmap) # match protocol ftp
Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE
The following example shows how to use the policy inline configuration mode to configure a service policy for Performance Monitor. The policy specifies that packets traversing Ethernet interface 0/0 for the IP protocol will be monitored based on the parameters specified in the flow monitor configuration namedfm-2:
Router(config)# interface ethernet 0/0 Router(config-if)# service-policy type performance-monitor inline input Router(config-if-spolicy-inline)# match protocol ip Router(config-if-spolicy-inline)# flow monitor fm-2 Router(config-if-spolicy-inline)# exit
Related Commands
|
Command |
Description |
|---|---|
|
class-map |
Creates a class map to be used for matching packets to a specified class. |
|
service-policy type performance-monitor |
Associates a Performance Monitor policy with an interface. |
|
match access-group |
Configures the match criteria for a class map based on the specified ACL. |
|
match input-interface |
Configures a class map to use the specified input interface as a match criterion. |
|
match mpls experimental |
Configures a class map to use the specified value of the experimental field as a match criterion. |
|
match precedence |
Identifies IP precedence values as match criteria. |
|
match protocol (NBAR) |
Configures NBAR to match traffic by a protocol type known to NBAR. |
|
match qos-group |
Configures a class map to use the specified EXP field value as a match criterion. |
match protocol attribute application-group
To configure the match criterion for a class map based on the specified application group, use the match protocol attribute application-group command in class-map configuration mode. To remove the application-group match criterion from the class map, use the no form of this command.
Syntax Description
|
application-group |
Name of the application group as a matching criterion. See the "Usage Guidelines" section for a list of application groups supported by most routers. |
|
application-name |
(Optional) Name of the application. When the application name is specified, the application is configured as the match criterion instead of the application group. |
Usage Guidelines
Policy maps contain traffic classes. Traffic classes contain one or more match commands that can be used to match packets (and organize them into groups) based on an application group. Multiple traffic classes can be created. The following table lists the supported application groups.
| Table 3 | Supported Application Groups |
|
Application Group |
Description |
|---|---|
|
apple-talk-group |
AppleTalk-related applications. |
|
banyan-group |
Banyan-related applications. |
|
bittorrent-group |
Bittorrent-related applications. |
|
corba-group |
Corba-related applications. |
|
edonkey-emule-group |
edonkey-emule-related applications. |
|
fasttrack-group |
Fasttrack-related applications. |
|
flash-group |
Flash-related applications. |
|
fring-group |
Fring-related applications. |
|
ftp-group |
FTP-related applications. |
|
gnutella-group |
Gnutella-related applications. |
|
icq-group |
I Seek You (ICQ)-related applications. |
|
imap-group |
Internet Message Access Protocol (IMAP)-related applications. |
|
irc-group |
Internet Relay Chap (IRC)-related applications. |
|
kerberos-group |
Kerberos-related applications. |
|
ldap-group |
Lightweight Directory Access Protocol (LDAP)-related applications. |
|
my-jabber-group |
My-jabber-related applications. |
|
netbios-group |
NetBIOS-related applications. |
|
nntp-group |
Network News Transfer Protocol (NNTP)-related applications. |
|
npmp-group |
Network Peripheral Management Protocol (NPMP)-group related objectives. |
|
other |
Other applications. |
|
pop3-group |
Post Office Protocol 3 (pop3)-related applications. |
|
prm-group |
Performance Report Message (PRM)-related applications. |
|
skinny-group |
Skinny-related applications. |
|
skype-group |
Skype-related applications. |
|
smtp-group |
Simple Mail Transfer Protocol (SMTP)-related applications. |
|
snmp-group |
Simple Network Management Protocol (SNMP)-related applications. |
|
sqlsvr-group |
Structured Query Language (SQL)-server-related applications. |
|
telepresence-group |
Telepresence-related applications. |
|
tftp-group |
TFTP-related applications. |
|
wap-group |
Wireless Application Protocol (WAP)-related applications. |
|
webex-group |
Webex-related applications. |
|
windows-live-messenger-group |
Windows-live-messenger-related applications. |
|
xns-xerox-group |
Xerox Network Services (XNS)-xerox related applications. |
|
yahoo-messenger-group |
Yahoo Messenger-related applications. |
match protocol attribute category
To configure the match criterion for a class map based on the specified application category, use the match protocol attribute category command in class-map configuration mode. To remove the application category match criterion from the class map, use the no form of this command.
Syntax Description
|
application-category |
Name of the application category used as a matching criterion. See the "Usage Guidelines" section for a list of application categories supported by most routers. |
|
application-name |
(Optional) Name of the application. When the application name is specified, the application is configured as the match criterion instead of the application category. |
Usage Guidelines
Policy maps contain traffic classes. Traffic classes contain one or more match commands that can be used to match packets (and organize them into groups) based on an application category. You can create as many traffic classes as needed.
The following table lists the supported application categories.
| Table 4 | Supported Application Categories |
|
Category Name |
Description |
|---|---|
|
browsing |
Browsing-related applications. |
|
business-and-productivity-tools |
Business and productivity tools-related applications. |
|
|
Email-related applications. |
|
file-sharing |
File-sharing related applications. |
|
gaming |
Gaming-related applications. |
|
industrial-protocols |
Industrial protocols-related applications. |
|
instant-messaging |
Instant messaging-related applications. |
|
internet-privacy |
Internet privacy-related applications. |
|
layer2-non-ip |
Layer2 non-ip-related applications. |
|
layer3-over-ip |
Layer3-over-IP-related applications. |
|
location-based-services |
Location-based services-related applications. |
|
net-admin |
Net-admin-related applications. |
|
newsgroup |
Newsgroup-related applications. |
|
obsolete |
Obsolete applications. |
|
other |
Other applications. |
|
trojan |
Trojan-related applications. |
|
voice-and-video |
Voice and video-related applications. |
match protocol attribute encrypted
To configure the match criterion for a class map based on encryption, use the match protocol attribute encrypted command in class-map configuration mode. To remove the encryption match criterion from the class map, use the no form of this command.
Syntax Description
|
encrypted-no |
Specifies applications without encryption. |
|
encrypted-unassigned |
Specifies applications without an encrypted networking protocol application tag. |
|
encrypted-yes |
Specifies encrypted applications. |
|
application-name |
(Optional) Name of the application. When the application name is specified, the application within the specified encrypted status is configured as the match criterion instead of all the applications within the group. |
Usage Guidelines
Policy maps contain traffic classes. Traffic classes contain one or more match commands that can be used to match packets (and organize them into groups) based on encryption. Multiple traffic classes can be created.
Examples
The following examples show how to specify a class map with encryption as a match criterion:
Router(config)# class-map my-class Router(config-cmap)# match protocol attribute encrypted encrypted-no ayiya-ipv6-tunneled Router(config)# class-map my-class Router(config-cmap)# match protocol attribute encrypted encrypted-unassigned aurora-cmgr Router(config)# class-map my-class Router(config-cmap)# match protocol attribute encrypted encrypted-yes citrix
match protocol attribute sub-category
To configure the match criterion for a class map based on the specified application subcategory, use the match protocol attribute sub-category command in class-map configuration mode. To remove the application subcategory match criterion from the class map, use the no form of this command.
Syntax Description
|
sub-category-name |
Name of the application subcategory used as a matching criterion. See the "Usage Guidelines" section for a list of application subcategories supported by most routers. |
|
application-name |
(Optional) Name of the application. When the application name is specified, the application is configured as the match criterion instead of the subcategory. |
Usage Guidelines
Policy maps contain traffic classes. Traffic classes contain one or more match commands that can be used to match packets (and organize them into groups) based on an application subcategory. You can create as many traffic classes as needed.
lists the supported application subcategories.
| Table 5 | Supported Application Subcategories |
|
Sub-Category Name |
Description |
|---|---|
|
authentication-services |
Authentication services-related applications. |
|
backup-systems |
Backup systems-related applications. |
|
client-server |
Client-server-related applications. |
|
commercial-media-distribution |
Commercial media distribution-related applications. |
|
control-and-signaling |
Control and signaling-related applications. |
|
database |
Database-related applications. |
|
epayement |
Epayement-related applications. |
|
inter-process-rpc |
Inter-process remote procedure call-related applications. |
|
license-manager |
License manager-related applications. |
|
naming-services |
Naming services-related applications. |
|
network-management |
Network management-related applications |
|
network-protocol |
Network protocol-related applications. |
|
other |
Other related applications. |
|
p2p-file-transfer |
Peer-to-peer file transfer-related applications. |
|
p2p-networking |
Peer-to-peer networking-related applications. |
|
remote-access-terminal |
Remote access terminal-related applications. |
|
rich-media-http-content |
Rich media HTTP content-related applications. |
|
routing-protocol |
Routing protocol-related applications. |
|
storage |
Storage-related applications. |
|
streaming |
Streaming-related applications. |
|
terminal |
Terminal-related applications. |
|
tunneling-protocols |
Tunneling protocols-related applications. |
|
voice-video-chat-collaboration |
Voice-video chat collaboration-related applications. |
match protocol attribute tunnel
To configure the match criterion for a class map based on tunneling, use the match protocol attribute tunnel command in class-map configuration mode. To remove the tunneling match criterion from the class map, use the no form of this command.
Syntax Description
|
tunnel-no |
Specifies the applications without tunneling. |
|
tunnel-unassigned |
Specifies the unassigned tunneled applications. |
|
tunnel-yes |
Specifies tunneled applications. |
|
application-name |
(Optional) Name of the application. When the application name is specified, the application within the specified tunneling status is configured as the match criterion instead of all the applications within the tunneling group. |
Usage Guidelines
Policy maps contain traffic classes. Traffic classes contain one or more match commands that can be used to match packets (and organize them into groups) based on tunneling. Multiple traffic classes can be created.
Examples
The following examples show how to specify a class map with tunneling as a match criterion:
Router(config)# class-map mygroup Router(config-cmap)# match protocol attribute tunnel tunnel-no agentx Router(config)# class-map mygroup Router(config-cmap)# match protocol attribute tunnel tunnel-unassigned aris Router(config)# class-map mygroup Router(config-cmap)# match protocol attribute tunnel tunnel-yes rsvp_tunnel
match protocol (NBAR)
To configure Network-Based Application Recognition (NBAR) to match traffic by a protocol type that is known to NBAR, use the matchprotocolcommandinclass map configuration mode. To disable NBAR from matching traffic by a known protocol type, use the no form of this command.
Syntax Description
|
protocol-name |
Particular protocol type that is known to NBAR. These known protocol types can be used to match traffic. For a list of protocol types that are known to NBAR, see the table below in "Usage Guidelines." |
|
variable-field-name |
(Optional and usable only with custom protocols) Predefined variable that was created when you created a custom protocol. The value for the variable-field-nameargument will match the field-name variable entered when you created the custom protocol using theip nbar customcommand. |
|
value |
(Optional and usable only with custom protocols) Specific value in the custom payload to match. A value can be entered along with a value for the variable-field-nameargument only. The value can be expressed in decimal or hexadecimal format. |
Command History
|
Release |
Modification |
|---|---|
|
12.0(5)XE2 |
This command was introduced. |
|
12.1(1)E |
This command was integrated into Cisco IOS Release 12.1(1)E, and the variable-field-namevalueargument was added. |
|
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
|
12.1(13)T |
This command was implemented on Catalyst 6000 family switches without FlexWAN modules. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(17a)SX1 |
This command was integrated into Cisco IOS Release 12.2(17a)SX1. |
|
12.4(2)T |
This command was modified to include support for additional protocols, such as the BitTorrent protocol. |
|
12.4(4)T |
This command was modified to include support for additional protocols, such as the Skype and DirectConnect protocols. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
|
12.2(18)ZY |
This command was integrated into Cisco IOS Release 12.2(18)ZY. This command was modified to enhance NBAR functionality on the Catalyst 6500 series switch that is equipped with the Supervisor 32/programmable intelligent services accelerator (PISA) engine. |
|
12.2(18)ZYA |
This command was modified to integrate NBAR and Firewall Service Module (FWSM) functionality on the Catalyst 6500 series switch that is equipped with a Supervisor 32/PISA engine and to recognize additional protocols as noted in the table below in "Usage Guidelines." |
|
Cisco IOS XE Release 2.1 |
This command was integrated into Cisco IOS XE Release 2.1 and implemented on Cisco ASR 1000 Series Aggregation Services Routers. |
|
12.2(18)ZYA1 |
This command was modified to recognize additional protocols as noted in the table below in "Usage Guidelines." |
|
Cisco IOS XE Release 2.3 |
This command was modified to recognize additional protocols as noted in the table below in "Usage Guidelines." |
|
12.2(18)ZYA2 |
This command was modified to recognize additional protocols, such as the TelePresence protocol. |
|
Cisco IOS XE Release 2.5 |
This command was modified to recognize additional protocols as noted in the table below in "Usage Guidelines." |
|
12.2XN |
This command was modified to recognize additional protocols as noted in the table below in "Usage Guidelines." |
| 12.4(24)T |
This command was modified to recognize additional protocols as noted in the table below in "Usage Guidelines." |
| 12.4(24)MDA |
This command was modified to recognize additional protocols as noted in the table below in "Usage Guidelines." |
|
Cisco IOS XE Release 3.4S |
This command was modified to recognize additional protocols as noted in the table below in "Usage Guidelines." |
|
15.1(3)S |
This command was modified. Support was removed from Cisco 7200 series routers. |
Usage Guidelines
Use the matchprotocol(NBAR) command to match protocol types that are known to NBAR. NBAR is capable of classifying the following types of protocols:
- Non-UDP and non-TCP IP protocols
- TCP and UDP protocols that use statically assigned port numbers
- TCP and UDP protocols that use statically assigned port numbers but still require stateful inspection
- TCP and UDP protocols that dynamically assign port numbers and therefore require stateful inspection
The table below lists the NBAR-supported protocols available in Cisco IOS software, sorted by category. The table also provides information about the protocol type, the well-known port numbers (if applicable), and the syntax for entering the protocol in NBAR. The table is modified as new protocols are added or supported by different releases.
Note | The table below includes the NBAR-supported protocols available with the 12.2(18)ZY and 12.2(18)ZYA releases. Protocols included in the 12.2(18)ZY and 12.2(18)ZYA releases are supported on the Catalyst 6500 series switch that is equipped with a Supervisor 32/PISA engine. |
| Table 6 | NBAR-Supported Protocols |
|
Category |
Protocol |
Type |
WKP/IP Protocol |
Description |
Syntax |
Cisco IOS XE Release |
|---|---|---|---|---|---|---|
|
Enterprise Applications |
Novadigm |
TCP/ UDP |
3460-3465 |
Novadigm Enterprise Desktop Manager (EDM) |
novadigm |
Cisco IOS XE Release 2.3 |
|
Citrix (ICA, CGP, IMA, SB) |
TCP/ UDP |
TCP: 1494, 2512, 2513, 2598 UDP: 1604 |
Citrix ICA traffic |
citrix citrix app citrix ica-tag |
12.1(2)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.5 |
|
|
Oracle |
TCP |
1525 |
Oracle |
ora-srv |
Cisco IOS XE Release 2.3 |
|
|
PCAnywhere |
TCP/UDP |
TCP: 5631, 65301 UDP: 22, 5632 |
Symantic PCAnywhere |
pcanywhere |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
|
SAP |
TCP |
3300-3315 3200-3215 3600-3615 |
Application server to application server traffic (sap-pgm.pdlm) Client to application server traffic (sap-app.pdlm) Client to message server traffic (sap-msg.pdlm) |
sap |
12.1E 12.2T 12.3 12.3T 12.2(18)ZYA1 Cisco IOS XE Release 2.5 |
|
|
Exchange 1 |
TCP |
135 |
MS-RPC for Exchange |
exchange |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZY 12.2(18)ZYA 12.2(18)ZYA1 Cisco IOS XE Release 2.5 |
|
|
Routing Protocols |
BGP |
TCP/ UDP |
179 |
Border Gateway Protocol |
bgp |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
EGP |
IP |
8 |
Exterior Gateway Protocol |
egp |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
|
EIGRP |
IP |
88 |
Enhanced Interior Gateway Routing Protocol |
eigrp |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
|
OSPF |
IP |
89 |
Open Shortest Path First |
ospf |
12.3(8)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
|
RIP |
UDP |
520 |
Routing Information Protocol |
rip |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
|
Database |
CIFS |
TCP |
139, 445 |
Common Internet File System |
cifs |
12.2(18)ZYA 12.2(18)ZYA1 |
|
MS-SQLServer |
TCP |
1433 |
Microsoft SQL Server Desktop Videoconferencing |
sqlserver |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 |
|
|
SQL-exec |
TCP/UDP |
9088 |
SQL Exec |
sqlexec |
Cisco IOS XE Release 2.3 |
|
|
SQL*NET |
TCP/ UDP |
1521 |
SQL*NET for Oracle |
sqlnet |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.5 |
|
|
Financial |
FIX |
TCP |
Heuristic |
Financial Information Exchange |
fix |
12.2(18)ZYA 12.2(18)ZYA1 Cisco IOS XE Release 2.5 |
|
Security and Tunneling |
GRE |
IP |
47 |
Generic Routing Encapsulation |
gre |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
IPINIP |
IP |
4 |
IP in IP |
ipinip |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
|
IPsec |
IP/TCP |
50, 51 TCP-Heuristic |
IP Encapsulating Security Payload/ Authentication- Header |
ipsec |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
|
L2TP |
UDP |
1701 |
L2F/L2TP Tunnel |
l2tp |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
|
PPTP |
TCP |
1723 |
Point-to-Point Tunneling Protocol for VPN |
pptp |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
|
SFTP |
TCP |
990 |
Secure FTP |
secure-ftp |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
|
SHTTP |
TCP |
443 |
Secure HTTP |
secure-http |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.1 Cisco IOS XE Release 2.3 |
|
|
STELNET |
TCP |
992 |
Secure Telnet |
secure-telnet |
Cisco IOS XE Release 2.3 |
|
|
SIMAP |
TCP/ UDP |
585, 993 |
Secure Internet Message Access Protocol |
secure-imap |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
|
SIRC |
TCP/ UDP |
994 |
Secure Internet Relay Chat |
secure-irc |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
|
SLDAP |
TCP/ UDP |
636 |
Secure Lightweight Directory Access Protocol |
secure-ldap |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
|
SNNTP |
TCP/ UDP |
563 |
Secure Network News Transfer Protocol |
secure-nntp |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
|
SOCKS |
TCP |
1080 |
Firewall Security Protocol |
socks |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
|
SPOP3 |
TCP/ UDP |
995 |
Secure POP3 |
secure-pop3 |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
|
SSH |
TCP |
22 |
Secured Shell |
ssh |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
|
STELNET |
TCP |
992 |
Secure Telnet |
secure-telnet |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
|
Network Management |
ICMP |
IP |
1 |
Internet Control Message Protocol |
icmp |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
SNMP |
TCP/ UDP |
161, 162 |
Simple Network Management Protocol |
snmp |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
|
Syslog |
UDP |
514 |
System Logging Utility |
syslog |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
|
Network Mail Services |
IMAP |
TCP/ UDP |
143, 220 |
Internet Message Access Protocol |
imap |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
Notes |
TCP/ UDP |
1352 |
Lotus Notes |
notes |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
|
POP3 |
TCP/ UDP |
110, Heuristic |
Post Office Protocol |
pop3 |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.1 Cisco IOS XE Release 2.3 |
|
|
SMTP |
TCP |
25, Heuristic |
Simple Mail Transfer Protocol |
smtp |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
|
Directory |
DHCP/ BOOTP |
UDP |
67, 68 |
Dynamic Host Configuration Protocol/Bootstrap Protocol |
dhcp |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.1 |
|
DNS |
TCP/ UDP |
53 |
Domain Name System |
dns |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.1 |
|
|
Finger |
TCP |
79 |
Finger User Information Protocol |
finger |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
|
Kerberos |
TCP/ UDP |
88, 749 |
Kerberos Network Authentication Service |
kerberos |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
|
LDAP |
TCP/ UDP |
389 |
Lightweight Directory Access Protocol |
ldap |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
|
Internet |
FTP |
TCP |
21, 21000, Heuristic |
File Transfer Protocol |
ftp |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.1 |
|
Gopher |
TCP/ UDP |
70 |
Internet Gopher Protocol |
gopher |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
|
HTTP |
TCP |
802, Heuristic |
Hypertext Transfer Protocol |
http |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.1 Cisco IOS XE Release 2.5 |
|
|
IRC |
TCP/ UDP |
194 |
Internet Relay Chat |
irc |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
|
NNTP |
TCP/ UDP |
119, Heuristic |
Network News Transfer Protocol |
nntp |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
|
Telnet |
TCP |
23 |
Telnet Protocol |
telnet |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.1 |
|
|
TFTP |
UDP |
69 |
Trivial File Transfer Protocol |
tftp |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.5 |
|
|
Signaling |
AppleQTC |
TCP/UDP |
458 |
Apple Quick Time |
appleqtc |
12.2(18)ZYA 12.2(18)ZYA1Cisco IOS XE Release 2.3 |
|
Chargen |
TCP/UDP |
19 |
Character Generator |
chargen |
12.2(18)ZYA 12.2(18)ZYA1Cisco IOS XE Release 2.3 |
|
|
ClearCase |
TCP/UDP |
371 |
Clear Case Protocol Software Informer |
clearcase |
12.2(18)ZYA 12.2(18)ZYA1Cisco IOS XE Release 2.3 |
|
|
Corba |
TCP/UDP |
683, 684 |
Corba Internet Inter-Orb Protocol (IIOP) |
corba-iiop |
12.2(18)ZYA 12.2(18)ZYA1Cisco IOS XE Release 2.3 |
|
|
Daytime |
TCP/UDP |
13 |
Daytime Protocol |
daytime |
12.2(18)ZYA 12.2(18)ZYA1Cisco IOS XE Release 2.3 |
|
|
Doom |
TCP/UDP |
666 |
Doom |
doom |
12.2(18)ZYA 12.2(18)ZYA1Cisco IOS XE Release 2.3 |
|
|
Echo |
TCP/UDP |
7 |
Echo Protocol |
echo |
12.2(18)ZYA 12.2(18)ZYA1Cisco IOS XE Release 2.3 |
|
|
IBM DB2 |
TCP/UDP |
523 |
IBM Information Management |
ibm-db2 |
12.2(18)ZYA 12.2(18)ZYA1Cisco IOS XE Release 2.3 |
|
|
IPX |
TCP/UDP |
213 |
Internet Packet Exchange |
server-ipx |
12.2(18)ZYA 12.2(18)ZYA1Cisco IOS XE Release 2.3 |
|
|
ISAKMP |
TCP/UDP |
500 |
Internet Security Association and Key Management Protocol |
isakmp |
12.2(18)ZYA 12.2(18)ZYA1Cisco IOS XE Release 2.3 |
|
|
ISI-GL |
TCP/UDP |
55 |
Interoperable Self Installation Graphics Language |
isi-gl |
12.2(18)ZYA 12.2(18)ZYA1Cisco IOS XE Release 2.3 |
|
|
KLogin |
TCP |
543 |
KLogin |
klogin |
12.2(18)ZYA 12.2(18)ZYA1Cisco IOS XE Release 2.3 |
|
|
KShell |
TCP |
544 |
KShell |
kshell |
12.2(18)ZYA 12.2(18)ZYA1Cisco IOS XE Release 2.3 |
|
|
LockD |
TCP/UDP |
4045 |
LockD |
lockd |
12.2(18)ZYA Cisco IOS XE Release 2.3 |
|
|
MSSQL |
TCP |
1433 |
Microsoft Structured Query Language (SQL) Server |
mssql |
Cisco IOS XE Release 2.3 |
|
|
RSVP |
IP/ UDP |
IP: 46 UDP: 1698, 1699 |
Resource Reservation Protocol |
rsvp |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
|
RPC |
AOL-messenger |
TCP |
5190, 443 |
AOL Instant Messenger Chat Messages |
aol-messenger |
12.2(18)ZYA 12.2(18)ZYA1 |
|
NFS |
TCP/UDP |
2049 |
Network File System |
nfs |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
|
Sunrpc |
TCP/ UDP |
111, Heuristic |
Sun Remote Procedure Call |
sunrpc |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.5 |
|
|
Non-IP and LAN/ Legacy |
NetBIOS |
TCP/ UDP |
TCP-137, 138 UDP-137,139 |
NetBIOS over IP (MS Windows) |
netbios |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
Nickname |
TCP/UDP |
43 |
Nickname |
nicname |
12.2(18)ZYA 12.2(18)ZYA1Cisco IOS XE Release 2.3 |
|
|
NPP |
TCP/UDP |
92 |
Network Payment Protocol |
npp |
12.2(18)ZY 12.2(18)ZYA1 Cisco IOS XE Release 2.3 |
|
|
Voice |
Google Talk VoIP |
TCP/UDP |
Dynamically assigned |
Google Talk VoIP Protocol |
gtalk-voip |
12.2XN 12.4(24)MDA |
|
H.323 |
TCP |
Heuristic |
H.323 Teleconferencing Protocol |
h323 |
Cisco IOS XE Release 2.1 |
|
|
MSN VoIP |
UDP |
Dynamically assigned |
MSN Messenger Protocol |
msn-voip |
12.4(24)MDA 12.4(24)T |
|
|
RTCP |
TCP/ UDP |
Dynamically assigned |
Real-Time Control Protocol |
rtcp |
12.1E 12.2T 12.2(18)ZYA1 12.3 12.3T |
|
|
RTP |
TCP/ UDP |
Dynamically assigned |
Real-Time Transport Protocol Payload Classification |
rtp |
12.2(8)T 12.2(18)ZYA1 Cisco IOS XE Release 2.5 |
|
|
SIP |
TCP/UPD |
5060 |
Session Initiation Protocol |
sip |
12.3(7)T Cisco IOS XE Release 2.1 12.2(18)ZYA1 Cisco IOS XE Release 2.1 Cisco IOS XE Release 2.3 |
|
|
STUN |
UDP |
Dynamically assigned |
Simple Traversal of UDP through NAT (STUN) |
stun-nat |
12.4(24)MDA 12.4(24)T |
|
|
Skype3 |
TCP/UDP |
TCP-80, Heuristic |
VoIP Client Software |
skype |
Cisco IOS XE Release 2.1 Cisco IOS XE Release 2.5 |
|
|
Yahoo VoIP |
TCP/UDP |
Dynamically assigned |
Yahoo Messenger VoIP Protocol |
yahoo-voip |
12.4(24)MDA 12.4(24)T |
|
|
Desktop Media |
CUSeeMe |
TCP/UDP |
TCP: 7648, 7649 UDP: 24032 |
CU-SeeMe Desktop Video Conference |
cuseeme |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.1 |
|
Streaming Media |
RealAudio |
TCP/ UDP |
Dynamically assigned |
RealAudio Streaming Protocol |
realaudio |
12.0(5)XE2 12.1(1)E 12.1(5)T |
|
RTSP |
TCP |
554, 8554 |
Real-Time Streaming Protocol |
rtsp |
12.2(18)ZYA1 12.3(11)T Cisco IOS XE Release 2.1 |
|
|
StreamWorks |
UDP |
Dynamically assigned |
Xing Technology Stream Works Audio and Video |
streamwork |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 |
|
|
VDOLive |
TCP/ UDP |
Static (7000) with inspection |
VDOLive Streaming Video |
vdolive |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 |
|
|
YouTube4 |
TCP |
Both static (80) and dynamically assigned |
Online Video-Sharing Website |
youtube |
12.2(18)ZYA 12.2(18)ZYA1 |
|
|
Peer-to-Peer File-Sharing Applications |
BitTorrent5 |
TCP |
Heuristic, or 6881-6889 |
BitTorrent File Transfer Traffic |
bittorrent |
12.2(18)ZYA1 12.4(2)T Cisco IOS XE Release 2.5 |
|
DirectConnect |
TCP |
80, 411-413, Heuristic |
Direct Connect File Transfer Traffic |
directconnect |
Cisco IOS XE Release 2.5 |
|
|
eDonkey/eMule6 |
TCP |
80, 4662, Heuristic |
eDonkey File-Sharing Application eMule traffic is also classified as eDonkey traffic in NBAR. |
edonkey |
12.2(18)ZYA1 12.3(11)T Cisco IOS XE Release 2.5 |
|
|
Encrypted Emule |
TCP |
Heuristic |
P2P file sharing encrypted protocol |
encrypted-emule |
Cisco IOS XE Release 3.4S |
|
|
FastTrack |
-- |
Heuristic |
FastTrack traffic |
fasttrack |
12.1(12c)E 12.2(18)ZYA1 Cisco IOS XE Release 2.5 |
|
|
FastTrack Static |
-- |
Heuristic |
FastTrack Static |
fasttrack-static |
Cisco IOS XE Release 3.3S |
|
|
Gnutella |
TCP/UDP |
Heuristic, or TCP-80, 6346-6349, 6355,5634 |
Gnutella traffic |
gnutella |
Cisco IOS XE Release 2.5 |
|
|
Gnutella Networking |
TCP/UDP |
Heuristic, or UDP-6346-6348 |
Gnutella Networking traffic |
networking-gnutella |
Cisco IOS XE Release 3.4S |
|
|
KaZaA |
TCP/ UPD |
Heuristic |
KaZaA Note that earlier KaZaA version 1 traffic can be classified using FastTrack. |
kazaa2 |
12.2(8)T 12.2(18)ZYA1 Cisco IOS XE Release 2.5 |
|
|
WinMX |
TCP |
6699 |
WinMX Peer-to-Peer File-Sharing |
winmx |
12.2(18)ZYA1 12.3(7)T Cisco IOS XE Release 2.5 |
|
|
Miscellaneous |
3Com AMP3 |
TCP/UDP |
629 |
3Com AMP3 |
3com-amp3 |
Cisco IOS XE Release 3.1S |
|
3Com TSMUX |
TCP/UDP |
106 |
3Com TSMUX |
3com-tsmux |
Cisco IOS XE Release 3.1S |
|
|
3PC |
TCP/UDP |
34 |
Third Party Connect Protocol |
3pc |
Cisco IOS XE Release 3.1S |
|
|
914 C/G |
TCP/UDP |
211 |
Texas Instruments 914 Terminal |
914c/g |
Cisco IOS XE Release 3.1S |
|
|
9PFS |
TCP/UDP |
564 |
Plan 9 file service |
9pfs |
Cisco IOS XE Release 3.1S |
|
|
ACAP |
TCP/UDP |
674 |
ACAP |
acap |
Cisco IOS XE Release 3.1S |
|
|
ACAS |
TCP/UDP |
62 |
ACA Services |
acas |
Cisco IOS XE Release 3.1S |
|
|
AccessBuilder |
TCP/UDP |
888 |
Access Builder |
accessbuilder |
Cisco IOS XE Release 3.1S |
|
|
AccessNetwork |
TCP/UDP |
699 |
Access Network |
accessnetwork |
Cisco IOS XE Release 3.1S |
|
|
ACP |
TCP/UDP |
599 |
Aeolon Core Protocol |
acp |
Cisco IOS XE Release 3.1S |
|
|
ACR-NEMA |
TCP/UDP |
104 |
ACR-NEMA Digital Img |
acr-nema |
Cisco IOS XE Release 3.1S |
|
|
AED-512 |
TCP/UDP |
149 |
AED 512 Emulation service |
aed-512 |
Cisco IOS XE Release 3.1S |
|
|
Agentx |
TCP/UDP |
705 |
AgentX |
agentx |
Cisco IOS XE Release 3.1S |
|
|
Alpes |
TCP/UDP |
463 |
Alpes |
alpes |
Cisco IOS XE Release 3.1S |
|
|
AMInet |
TCP/UDP |
2639 |
AMInet |
aminet |
Cisco IOS XE Release 3.1S |
|
|
AN |
TCP/UDP |
107 |
Active Networks |
an |
Cisco IOS XE Release 3.1S |
|
|
ANET |
TCP/UDP |
212 |
ATEXSSTR |
anet |
Cisco IOS XE Release 3.1S |
|
|
ANSANotify |
TCP/UDP |
116 |
ANSA REX Notify |
ansanotify |
Cisco IOS XE Release 3.1S |
|
|
ANSATrader |
TCP/UDP |
124 |
ansatrader |
ansatrader |
Cisco IOS XE Release 3.1S |
|
|
AODV |
TCP/UDP |
654 |
AODV |
aodv |
Cisco IOS XE Release 3.1S |
|
|
Apertus-LDP |
TCP/UDP |
539 |
Apertus Tech Load Distribution |
apertus-ldp |
Cisco IOS XE Release 3.1S |
|
|
AppleQTC |
TCP/UDP |
458 |
apple quick time |
appleqtc |
Cisco IOS XE Release 3.1S |
|
|
AppleQTSRVR |
TCP/UDP |
545 |
appleqtcsrvr |
appleqtcsrvr |
Cisco IOS XE Release 3.1S |
|
|
Applix |
TCP/UDP |
999 |
Applix ac |
applix |
Cisco IOS XE Release 3.1S |
|
|
ARCISDMS |
TCP/UDP |
262 |
arcisdms |
arcisdms |
Cisco IOS XE Release 3.1S |
|
|
ARGUS |
TCP/UDP |
13 |
ARGUS |
argus |
Cisco IOS XE Release 3.1S |
|
|
Ariel1 |
TCP/UDP |
419 |
Ariel1 |
ariel1 |
Cisco IOS XE Release 3.1S |
|
|
Ariel2 |
TCP/UDP |
421 |
Ariel2 |
ariel2 |
Cisco IOS XE Release 3.1S |
|
|
Ariel3 |
TCP/UDP |
422 |
Ariel3 |
ariel3 |
Cisco IOS XE Release 3.1S |
|
|
ARIS |
TCP/UDP |
104 |
ARIS |
aris |
Cisco IOS XE Release 3.1S |
|
|
ARNS |
TCP/UDP |
384 |
A remote network server system |
arns |
Cisco IOS XE Release 3.1S |
|
|
ASA |
TCP/UDP |
386 |
ASA Message router object def |
asa |
Cisco IOS XE Release 3.1S |
|
|
ASA-Appl-Proto |
TCP/UDP |
502 |
asa-appl-proto |
asa-appl-proto |
Cisco IOS XE Release 3.1S |
|
|
ASIPRegistry |
TCP/UDP |
687 |
asipregistry |
asipregistry |
Cisco IOS XE Release 3.1S |
|
|
ASIP-Webadmin |
TCP/UDP |
311 |
AppleShare IP WebAdmin |
asip-webadmin |
Cisco IOS XE Release 3.1S |
|
|
AS-Servermap |
TCP/UDP |
449 |
AS Server Mapper |
as-servermap |
Cisco IOS XE Release 3.1S |
|
|
AT-3 |
TCP/UDP |
203 |
AppleTalk Unused |
at-3 |
Cisco IOS XE Release 3.1S |
|
|
AT-5 |
TCP/UDP |
205 |
AppleTalk Unused |
at-5 |
Cisco IOS XE Release 3.1S |
|
|
AT-7 |
TCP/UDP |
207 |
AppleTalk Unused |
at-7 |
Cisco IOS XE Release 3.1S |
|
|
AT-8 |
TCP/UDP |
208 |
AppleTalk Unused |
at-8 |
Cisco IOS XE Release 3.1S |
|
|
AT-Echo |
TCP/UDP |
204 |
AppleTalk Echo |
at-echo |
Cisco IOS XE Release 3.1S |
|
|
AT-NBP |
TCP/UDP |
202 |
AppleTalk Name Binding |
at-nbp |
Cisco IOS XE Release 3.1S |
|
|
AT-RTMP |
TCP/UDP |
201 |
AppleTalk Routing Maintenance |
at-rtmp |
Cisco IOS XE Release 3.1S |
|
|
AT-ZIS |
TCP/UDP |
206 |
AppleTalk Zone Information |
at-zis |
Cisco IOS XE Release 3.1S |
|
|
Audit |
TCP/UDP |
182 |
Unisys Audit SITP |
audit |
Cisco IOS XE Release 3.1S |
|
|
Auditd |
TCP/UDP |
48 |
Digital Audit daemon |
auditd |
Cisco IOS XE Release 3.1S |
|
|
Aurora-CMGR |
TCP/UDP |
364 |
Aurora CMGR |
aurora-cmgr |
Cisco IOS XE Release 3.1S |
|
|
AURP |
TCP/UDP |
387 |
Appletalk Update-Based Routing Protocol |
aurp |
Cisco IOS XE Release 3.1S |
|
|
AUTH |
TCP/UDP |
113 |
Authentication Service |
auth |
Cisco IOS XE Release 3.1S |
|
|
Avian |
TCP/UDP |
486 |
avian |
avian |
Cisco IOS XE Release 3.1S |
|
|
AX25 |
TCP/UDP |
93 |
AX.25 Frames |
ax25 |
Cisco IOS XE Release 3.1S |
|
|
Banyan-RPC |
TCP/UDP |
567 |
Banyan-RPC |
banyan-rpc |
Cisco IOS XE Release 3.1S |
|
|
Banyan-VIP |
TCP/UDP |
573 |
Banyan-VIP |
banyan-vip |
Cisco IOS XE Release 3.1S |
|
|
BBNRCCMON |
TCP/UDP |
10 |
BBN RCC Monitoring |
bbnrccmon |
Cisco IOS XE Release 3.1S |
|
|
BDP |
TCP/UDP |
581 |
Bundle Discovery protocol |
bdp |
Cisco IOS XE Release 3.1S |
|
|
BFTP |
TCP/UDP |
152 |
Background File Transfer Program |
bftp |
Cisco IOS XE Release 3.1S |
|
|
BGMP |
TCP/UDP |
264 |
Border Gateway Multicast Protocol |
bgmp |
Cisco IOS XE Release 3.1S |
|
|
BGP |
TCP/UDP |
179 |
Border Gateway Protocol |
bgp |
Cisco IOS XE Release 3.1S |
|
|
BGS-NSI |
TCP/UDP |
482 |
BGS-NSI |
bgs-nsi |
Cisco IOS XE Release 3.1S |
|
|
Bhevent |
TCP/UDP |
357 |
Bhevent |
bhevent |
Cisco IOS XE Release 3.1S |
|
|
BHFHS |
TCP/UDP |
248 |
BHFHS |
bhfhs |
Cisco IOS XE Release 3.1S |
|
|
BHMDS |
TCP/UDP |
310 |
BHMDS |
bhmds |
Cisco IOS XE Release 3.1S |
|
|
BL-IDM |
TCP/UDP |
142 |
Britton Lee IDM |
bl-idm |
Cisco IOS XE Release 3.1S |
|
|
BMPP |
TCP/UDP |
632 |
BMPP |
bmpp |
Cisco IOS XE Release 3.1S |
|
|
BNA |
TCP/UDP |
49 |
BNA |
bna |
Cisco IOS XE Release 3.1S |
|
|
Bnet |
TCP/UDP |
415 |
BNET |
bnet |
Cisco IOS XE Release 3.1S |
|
|
Borland-DSJ |
TCP/UDP |
707 |
Borland-dsj |
borland-dsj |
Cisco IOS XE Release 3.1S |
|
|
BR-SAT-Mon |
TCP/UDP |
76 |
Backroom SATNET Monitoring |
br-sat-mon |
Cisco IOS XE Release 3.1S |
|
|
Cableport-AX |
TCP/UDP |
282 |
Cable Port A/X |
cableport-ax |
Cisco IOS XE Release 3.1S |
|
|
Cab-Protocol |
TCP/UDP |
595 |
CAB Protocol |
cab-protocol |
Cisco IOS XE Release 3.1S |
|
|
Cadlock |
TCP/UDP |
770 |
Cadlock |
cadlock |
Cisco IOS XE Release 3.1S |
|
|
CAIlic |
TCP/UDP |
216 |
Computer Associates Intl License Server |
CAIlic |
Cisco IOS XE Release 3.1S |
|
|
CBT |
TCP/UDP |
7 |
CBT |
cbt |
Cisco IOS XE Release 3.1S |
|
|
CDC |
TCP/UDP |
223 |
Certificate Distribution Center |
cdc |
Cisco IOS XE Release 3.1S |
|
|
CFDPTKT |
TCP/UDP |
120 |
cfdptkt |
cfdptkt |
Cisco IOS XE Release 3.1S |
|
|
CFTP |
TCP/UDP |
62 |
CFTP |
cftp |
Cisco IOS XE Release 3.1S |
|
|
CHAOS |
TCP/UDP |
16 |
Chaos |
chaos |
Cisco IOS XE Release 3.1S |
|
|
CharGen |
TCP/UDP |
19 |
Character Generator |
chargen |
Cisco IOS XE Release 3.1S |
|
|
ChShell |
TCP/UDP |
562 |
chcmd |
chshell |
Cisco IOS XE Release 3.1S |
|
|
Cimplex |
TCP/UDP |
673 |
Cimplex |
cimplex |
Cisco IOS XE Release 3.1S |
|
|
Cisco-FNA |
TCP/UDP |
130 |
Cisco FNATIVE |
cisco-fna |
Cisco IOS XE Release 3.1S |
|
|
Cisco-phone7 |
UDP |
5060 |
Cisco IP Phones and PC-Based Unified Communicators |
cisco-phone |
12.2(18)ZYA 12.2(18)ZYA1 |
|
|
Cisco-SYS |
TCP/UDP |
132 |
Cisco SYSMAINT |
cisco-sys |
Cisco IOS XE Release 3.1S |
|
|
Cisco-TDP |
TCP/UDP |
711 |
Cisco TDP |
cisco-tdp |
Cisco IOS XE Release 3.1S |
|
|
Cisco-TNA |
TCP/UDP |
131 |
Cisco TNATIVE |
cisco-tna |
Cisco IOS XE Release 3.1S |
|
|
Clearcase |
TCP/UDP |
371 |
Clearcase |
clearcase |
Cisco IOS XE Release 3.1S |
|
|
Cloanto-Net-1 |
TCP/UDP |
356 |
Cloanto-net-1 |
cloanto-net-1 |
Cisco IOS XE Release 3.1S |
|
|
CMIP-Agent |
TCP/UDP |
164 |
CMIP/TCP Agent |
cmip-agent |
Cisco IOS XE Release 3.1S |
|
|
CMIP-Man |
TCP/UDP |
163 |
CMIP/TCP Manager |
cmip-man |
Cisco IOS XE Release 3.1S |
|
|
Coauthor |
TCP/UDP |
1529 |
Oracle |
coauthor |
Cisco IOS XE Release 3.1S |
|
|
Codaauth2 |
TCP/UDP |
370 |
Codaauth2 |
codaauth2 |
Cisco IOS XE Release 3.1S |
|
|
Collaborator |
TCP/UDP |
622 |
Collaborator |
collaborator |
Cisco IOS XE Release 3.1S |
|
|
Commerce |
TCP/UDP |
542 |
Commerce |
commerce |
Cisco IOS XE Release 3.1S |
|
|
Compaq-Peer |
TCP/UDP |
110 |
Compaq Peer Protocol |
compaq-peer |
Cisco IOS XE Release 3.1S |
|
|
Compressnet |
TCP/UDP |
2 |
Management Utility |
compressnet |
Cisco IOS XE Release 3.1S |
|
|
COMSCM |
TCP/UDP |
437 |
COMSCM |
comscm |
Cisco IOS XE Release 3.1S |
|
|
CON |
TCP/UDP |
759 |
Con |
con |
Cisco IOS XE Release 3.1S |
|
|
Conference |
TCP/UDP |
531 |
Chat |
conference |
Cisco IOS XE Release 3.1S |
|
|
Connendp |
TCP/UDP |
693 |
Almanid Connection Endpoint |
connendp |
Cisco IOS XE Release 3.1S |
|
|
ContentServer |
TCP/UDP |
3365 |
Contentserver |
contentserver |
Cisco IOS XE Release 3.1S |
|
|
CoreRJD |
TCP/UDP |
284 |
Corerjd |
corerjd |
Cisco IOS XE Release 3.1S |
|
|
Courier |
TCP/UDP |
530 |
RPC |
courier |
Cisco IOS XE Release 3.1S |
|
|
Covia |
TCP/UDP |
64 |
Communications Integrator |
covia |
Cisco IOS XE Release 3.1S |
|
|
CPHB |
TCP/UDP |
73 |
Computer Protocol Heart Beat |
cphb |
Cisco IOS XE Release 3.1S |
|
|
CPNX |
TCP/UDP |
72 |
Computer Protocol Network Executive |
cpnx |
Cisco IOS XE Release 3.1S |
|
|
Creativepartnr |
TCP/UDP |
455 |
Creativepartnr |
creativepartnr |
Cisco IOS XE Release 3.1S |
|
|
Creativeserver |
TCP/UDP |
453 |
Creativeserver |
creativeserver |
Cisco IOS XE Release 3.1S |
|
|
CRS |
TCP/UDP |
507 |
CRS |
crs |
Cisco IOS XE Release 3.1S |
|
|
CRTP |
TCP/UDP |
126 |
Combat Radio Transport Protocol |
crtp |
Cisco IOS XE Release 3.1S |
|
|
CRUDP |
TCP/UDP |
127 |
Combat Radio User Datagram |
crudp |
Cisco IOS XE Release 3.1S |
|
|
CryptoAdmin |
TCP/UDP |
624 |
Crypto Admin |
cryptoadmin |
Cisco IOS XE Release 3.1S |
|
|
CSI-SGWP |
TCP/UDP |
348 |
Cabletron Management Protocol |
csi-sgwp |
Cisco IOS XE Release 3.1S |
|
|
CSNET-NS |
TCP/UDP |
105 |
Mailbox Name Nameserver |
csnet-ns |
Cisco IOS XE Release 3.1S |
|
|
CTF |
TCP/UDP |
84 |
Common Trace Facility |
ctf |
Cisco IOS XE Release 3.1S |
|
|
CUSTIX |
TCP/UDP |
528 |
Customer Ixchange |
custix |
Cisco IOS XE Release 3.1S |
|
|
CVC_Hostd |
TCP/UDP |
442 |
CVC_Hostd |
cvc_hostd |
Cisco IOS XE Release 3.1S |
|
|
Cybercash |
TCP/UDP |
551 |
Cybercash |
cybercash |
Cisco IOS XE Release 3.1S |
|
|
Cycleserv |
TCP/UDP |
763 |
Cycleserv |
cycleserv |
Cisco IOS XE Release 3.1S |
|
|
Cycleserv2 |
TCP/UDP |
772 |
Cycleserv2 |
cycleserv2 |
Cisco IOS XE Release 3.1S |
|
|
Dantz |
TCP/UDP |
497 |
Dantz |
dantz |
Cisco IOS XE Release 3.1S |
|
|
DASP |
TCP/UDP |
439 |
Dasp |
dasp |
Cisco IOS XE Release 3.1S |
|
|
DataSurfSRV |
TCP/UDP |
461 |
DataRamp Svr |
datasurfsrv |
Cisco IOS XE Release 3.1S |
|
|
DataSurfSRVSec |
TCP/UDP |
462 |
DataRamp Svr svs |
datasurfsrvsec |
Cisco IOS XE Release 3.1S |
|
|
Datex-ASN |
TCP/UDP |
355 |
datex-asn |
datex-asn |
Cisco IOS XE Release 3.1S |
|
|
Daytime |
TCP/UDP |
13 |
Daytime (RFC 867) |
daytime |
Cisco IOS XE Release 3.1S |
|
|
Dbase |
TCP/UDP |
217 |
dBASE Unix |
dbase |
Cisco IOS XE Release 3.1S |
|
|
DCCP |
TCP/UDP |
33 |
Datagram Congestion Control Protocol |
dccp |
Cisco IOS XE Release 3.1S |
|
|
DCN-Meas |
TCP/UDP |
19 |
DCN Measurement Subsystems |
dcn-meas |
Cisco IOS XE Release 3.1S |
|
|
DCP |
TCP/UDP |
93 |
Device Control Protocol |
dcp |
Cisco IOS XE Release 3.1S |
|
|
DCTP |
TCP/UDP |
675 |
DCTP |
dctp |
Cisco IOS XE Release 3.1S |
|
|
DDM-DFM |
TCP/UDP |
447 |
DDM Distributed File management |
ddm-dfm |
Cisco IOS XE Release 3.1S |
|
|
DDM-RDB |
TCP/UDP |
446 |
DDM-Remote Relational Database Access |
ddm-rdb |
Cisco IOS XE Release 3.1S |
|
|
DDM-SSL |
TCP/UDP |
448 |
DDM-Remote DB Access Using Secure Sockets |
ddm-ssl |
Cisco IOS XE Release 3.1S |
|
|
DDP |
TCP/UDP |
37 |
Datagram Delivery Protocol |
ddp |
Cisco IOS XE Release 3.1S |
|
|
DDX |
TCP/UDP |
116 |
D-II Data Exchange |
ddx |
Cisco IOS XE Release 3.1S |
|
|
DEC_DLM |
TCP/UDP |
625 |
dec_dlm |
dec_dlm |
Cisco IOS XE Release 3.1S |
|
|
Decap |
TCP/UDP |
403 |
Decap |
decap |
Cisco IOS XE Release 3.1S |
|
|
Decauth |
TCP/UDP |
316 |
Decauth |
decauth |
Cisco IOS XE Release 3.1S |
|
|
Decbsrv |
TCP/UDP |
579 |
Decbsrv |
decbsrv |
Cisco IOS XE Release 3.1S |
|
|
Decladebug |
TCP/UDP |
410 |
DECLadebug Remote Debug Protocol |
decladebug |
Cisco IOS XE Release 3.1S |
|
|
Decvms-sysmgt |
TCP/UDP |
441 |
Decvms-sysmgt |
decvms-sysmgt |
Cisco IOS XE Release 3.1S |
|
|
DEI-ICDA |
TCP/UDP |
618 |
dei-icda |
dei-icda |
Cisco IOS XE Release 3.1S |
|
|
DEOS |
TCP/UDP |
76 |
Distributed External Object Store |
deos |
Cisco IOS XE Release 3.1S |
|
|
Device |
TCP/UDP |
801 |
Device |
device |
Cisco IOS XE Release 3.1S |
|
|
DGP |
TCP/UDP |
86 |
Dissimilar Gateway Protocol |
dgp |
Cisco IOS XE Release 3.1S |
|
|
DHCP-Failover |
TCP/UDP |
647 |
DHCP Failover |
dhcp-failover |
Cisco IOS XE Release 3.1S |
|
|
DHCP-Failover2 |
TCP/UDP |
847 |
dhcp-failover2 |
dhcp-failover2 |
Cisco IOS XE Release 3.1S |
|
|
DHCPv6-client |
TCP/UDP |
546 |
DHCPv6 Client |
dhcpv6-client |
Cisco IOS XE Release 3.1S |
|
|
DHCPv6-server |
TCP/UDP |
547 |
DHCPv6 Server |
dhcpv6-server |
Cisco IOS XE Release 3.1S |
|
|
Dicom |
TCP/UDP |
Heuristic |
Digital Imaging and Communications in Medicine |
dicom |
12.2(18)ZYA 12.2(18)ZYA1 Cisco IOS XE Release 3.3S |
|
|
Digital-VRC |
TCP/UDP |
466 |
digital-vrc |
digital-vrc |
Cisco IOS XE Release 3.1S |
|
|
Directplay |
TCP/UDP |
2234 |
DirectPlay |
directplay |
Cisco IOS XE Release 3.1S |
|
|
Directplay8 |
TCP/UDP |
6073 |
DirectPlay8 |
directplay8 |
Cisco IOS XE Release 3.1S |
|
|
Directv-Catlg |
TCP/UDP |
3337 |
Direct TV Data Catalog |
directv-catlg |
Cisco IOS XE Release 3.1S |
|
|
Directv-Soft |
TCP/UDP |
3335 |
Direct TV Software Updates |
directv-soft |
Cisco IOS XE Release 3.1S |
|
|
Directv-Tick |
TCP/UDP |
3336 |
Direct TV Tickers |
directv-tick |
Cisco IOS XE Release 3.1S |
|
|
Directv-Web |
TCP/UDP |
3334 |
Direct TV Webcasting |
directv-web |
Cisco IOS XE Release 3.1S |
|
|
Discard |
TCP/UDP |
9 |
Discard |
discard |
Cisco IOS XE Release 3.1S |
|
|
Disclose |
TCP/UDP |
667 |
campaign contribution disclosures |
disclose |
Cisco IOS XE Release 3.1S |
|
|
Dixie |
TCP/UDP |
96 |
DIXIE Protocol Specification |
dixie |
Cisco IOS XE Release 3.1S |
|
|
DLS |
TCP/UDP |
197 |
Directory Location Service |
dls |
Cisco IOS XE Release 3.1S |
|
|
DLS-Mon |
TCP/UDP |
198 |
Directory Location Service Monitor |
dls-mon |
Cisco IOS XE Release 3.1S |
|
|
DN6-NLM-AUD |
TCP/UDP |
195 |
DNSIX Network Level Module Audit |
dn6-nlm-aud |
Cisco IOS XE Release 3.1S |
|
|
DNA-CML |
TCP/UDP |
436 |
DNA-CML |
dna-cml |
Cisco IOS XE Release 3.1S |
|
|
DNS |
TCP/UDP |
53 |
Domain Name Server lookup |
dns |
Cisco IOS XE Release 3.1S |
|
|
DNSIX |
TCP/UDP |
90 |
DNSIX Security Attribute Token Map |
dnsix |
Cisco IOS XE Release 3.1S |
|
|
DOOM |
TCP/UDP |
666 |
Doom Id Software |
doom |
Cisco IOS XE Release 3.1S |
|
|
DPSI |
TCP/UDP |
315 |
DPSI |
dpsi |
Cisco IOS XE Release 3.1S |
|
|
DSFGW |
TCP/UDP |
438 |
DSFGW |
dsfgw |
Cisco IOS XE Release 3.1S |
|
|
DSP |
TCP/UDP |
33 |
Display Support Protocol |
dsp |
Cisco IOS XE Release 3.1S |
|
|
DSP3270 |
TCP/UDP |
246 |
Display Systems Protocol |
dsp3270 |
Cisco IOS XE Release 3.1S |
|
|
DSR |
TCP/UDP |
48 |
Dynamic Source Routing Protocol |
dsr |
Cisco IOS XE Release 3.1S |
|
|
DTAG-DTE-SB |
TCP/UDP |
352 |
DTAG |
dtag-ste-sb |
Cisco IOS XE Release 3.1S |
|
|
DTK |
TCP/UDP |
365 |
DTK |
dtk |
Cisco IOS XE Release 3.1S |
|
|
DWR |
TCP/UDP |
644 |
DWR |
dwr |
Cisco IOS XE Release 3.1S |
|
|
Echo |
TCP/UDP |
7 |
Echo |
echo |
Cisco IOS XE Release 3.1S |
|
|
EGP |
TCP/UDP |
8 |
Exterior Gateway Protocol |
egp |
Cisco IOS XE Release 3.1S |
|
|
EIGRP |
TCP/UDP |
88 |
Enhanced Interior Gateway Routing Protocol |
eigrp |
Cisco IOS XE Release 3.1S |
|
|
ELCSD |
TCP/UDP |
704 |
errlog copy/server daemon |
elcsd |
Cisco IOS XE Release 3.1S |
|
|
EMBL-NDT |
TCP/UDP |
394 |
EMBL Nucleic Data Transfer |
embl-ndt |
Cisco IOS XE Release 3.1S |
|
|
EMCON |
TCP/UDP |
14 |
EMCON |
emcon |
Cisco IOS XE Release 3.1S |
|
|
EMFIS-CNTLl |
TCP/UDP |
141 |
EMFIS Control Service |
emfis-cntl |
Cisco IOS XE Release 3.1S |
|
|
EMFIS-Data |
TCP/UDP |
140 |
EMFIS Data Service |
emfis-data |
Cisco IOS XE Release 3.1S |
|
|
Encap |
TCP/UDP |
98 |
Encapsulation Header |
encap |
Cisco IOS XE Release 3.1S |
|
|
Encrypted Bittorrent |
TCP |
Heuristic |
Encrypted Bittorrent |
encrypted-bittorrent |
Cisco IOS XE Release 3.4S |
|
|
Entomb |
TCP/UDP |
775 |
Entomb |
entomb |
Cisco IOS XE Release 3.1S |
|
|
Entrust-AAAS |
TCP/UDP |
680 |
Entrust-aaas |
entrust-aaas |
Cisco IOS XE Release 3.1S |
|
|
Entrust-AAMS |
TCP/UDP |
681 |
Entrust-aams |
entrust-aams |
Cisco IOS XE Release 3.1S |
|
|
Entrust-ASH |
TCP/UDP |
710 |
Entrust Administration Service Handler |
entrust-ash |
Cisco IOS XE Release 3.1S |
|
|
Entrust-KMSH |
TCP/UDP |
709 |
Entrust Key Management Service Handler |
entrust-kmsh |
Cisco IOS XE Release 3.1S |
|
|
Entrust-SPS |
TCP/UDP |
640 |
entrust-sps |
entrust-sps |
Cisco IOS XE Release 3.1S |
|
|
ERPC |
TCP/UDP |
121 |
Encore Expedited Remote Pro.Call |
erpc |
Cisco IOS XE Release 3.1S |
|
|
ESCP-IP |
TCP/UDP |
621 |
escp-ip |
escp-ip |
Cisco IOS XE Release 3.1S |
|
|
ESRO-GEN |
TCP/UDP |
259 |
Efficient Short Remote Operations |
esro-gen |
Cisco IOS XE Release 3.1S |
|
|
ESRP-EMSDP |
TCP/UDP |
642 |
ESRO-EMSDP V1.3 |
esro-emsdp |
Cisco IOS XE Release 3.1S |
|
|
EtherIP |
TCP/UDP |
97 |
Ethernet-within-IP Encapsulation |
etherip |
Cisco IOS XE Release 3.1S |
|
|
Eudora-Set |
TCP/UDP |
592 |
Eudora Set |
eudora-set |
Cisco IOS XE Release 3.1S |
|
|
EXEC |
TCP/UDP |
512 |
remote process execution; |
exec |
Cisco IOS XE Release 3.1S |
|
|
Fatserv |
TCP/UDP |
347 |
Fatmen Server |
fatserv |
Cisco IOS XE Release 3.1S |
|
|
FC |
TCP/UDP |
133 |
Fibre Channel |
fc |
Cisco IOS XE Release 3.1S |
|
|
FCP |
TCP/UDP |
510 |
FirstClass Protocol |
fcp |
Cisco IOS XE Release 3.1S |
|
|
Finger |
TCP/UDP |
79 |
Finger |
finger |
Cisco IOS XE Release 3.1S |
|
|
FIRE |
TCP/UDP |
125 |
FIRE |
fire |
Cisco IOS XE Release 3.1S |
|
|
FlexLM |
TCP/UDP |
744 |
Flexible License Manager |
flexlm |
Cisco IOS XE Release 3.1S |
|
|
FLN-SPX |
TCP/UDP |
221 |
Berkeley rlogind with SPX auth |
fln-spx |
Cisco IOS XE Release 3.1S |
|
|
FTP-Agent |
TCP/UDP |
574 |
FTP Software Agent System |
ftp-agent |
Cisco IOS XE Release 3.1S |
|
|
FTP-Data |
TCP/UDP |
20 |
File Transfer |
ftp-data |
Cisco IOS XE Release 3.1S |
|
|
FTPS-Data |
TCP/UDP |
989 |
ftp protocol, data, over TLS/SSL |
ftps-data |
Cisco IOS XE Release 3.1S |
|
|
Fujitsu-Dev |
TCP/UDP |
747 |
Fujitsu Device Control |
fujitsu-dev |
Cisco IOS XE Release 3.1S |
|
|
GACP |
TCP/UDP |
190 |
Gateway Access Control Protocol |
gacp |
Cisco IOS XE Release 3.1S |
|
|
GDOMAP |
TCP/UDP |
538 |
gdomap |
gdomap |
Cisco IOS XE Release 3.1S |
|
|
Genie |
TCP/UDP |
402 |
Genie Protocol |
genie |
Cisco IOS XE Release 3.1S |
|
|
Genrad-MUX |
TCP/UDP |
176 |
Genrad-mux |
genrad-mux |
Cisco IOS XE Release 3.1S |
|
|
GGF-NCP |
TCP/UDP |
678 |
GNU Generation Foundation NCP |
ggf-ncp |
Cisco IOS XE Release 3.1S |
|
|
GGP |
TCP/UDP |
3 |
Gateway-to-Gateway |
ggp |
Cisco IOS XE Release 3.1S |
|
|
Ginad |
TCP/UDP |
634 |
ginad |
ginad |
Cisco IOS XE Release 3.1S |
|
|
GMTP |
TCP/UDP |
100 |
GMTP |
gmtp |
Cisco IOS XE Release 3.1S |
|
|
Go-Login |
TCP/UDP |
491 |
Go-login |
go-login |
Cisco IOS XE Release 3.1S |
|
|
Gopher |
TCP/UDP |
70 |
Gopher |
gopher |
Cisco IOS XE Release 3.1S |
|
|
Graphics |
TCP/UDP |
41 |
Graphics |
graphics |
Cisco IOS XE Release 3.1S |
|
|
GRE |
TCP/UDP |
47 |
General Routing Encapsulation |
gre |
Cisco IOS XE Release 3.1S |
|
|
Groove |
TCP/UDP |
2492 |
Groove |
groove |
Cisco IOS XE Release 3.1S |
|
|
GSS-HTTP |
TCP/UDP |
488 |
gss-http |
gss-http |
Cisco IOS XE Release 3.1S |
|
|
GSS-XLICEN |
TCP/UDP |
128 |
GNU Generation Foundation NCP |
gss-xlicen |
Cisco IOS XE Release 3.1S |
|
|
GTP-User |
TCP/UDP |
2152 |
GTP-User Plane |
gtp-user |
Cisco IOS XE Release 3.1S |
|
|
HA-Cluster |
TCP/UDP |
694 |
ha-cluster |
ha-cluster |
Cisco IOS XE Release 3.1S |
|
|
HAP |
TCP/UDP |
661 |
hap |
hap |
Cisco IOS XE Release 3.1S |
|
|
Hassle |
TCP/UDP |
375 |
Hassle |
hassle |
Cisco IOS XE Release 3.1S |
|
|
HCP-Wismar |
TCP/UDP |
686 |
Hardware Control Protocol Wismar |
hcp-wismar |
Cisco IOS XE Release 3.1S |
|
|
HDAP |
TCP/UDP |
263 |
hdap |
hdap |
Cisco IOS XE Release 3.1S |
|
|
Hello-port |
TCP/UDP |
652 |
HELLO_PORT |
hello-port |
Cisco IOS XE Release 3.1S |
|
|
HEMS |
TCP/UDP |
151 |
hems |
hems |
Cisco IOS XE Release 3.1S |
|
|
HIP |
TCP/UDP |
139 |
Host Identity Protocol |
hip |
Cisco IOS XE Release 3.1S |
|
|
HL7 |
TCP |
Dynamically assigned |
Health Level Seven |
hl7 |
12.2(18)ZYA 12.2(18)ZYA1 |
|
|
HMMP-IND |
TCP/UDP |
612 |
HMMP Indication |
hmmp-ind |
Cisco IOS XE Release 3.1S |
|
|
HMMP-OP |
TCP/UDP |
613 |
HMMP Operation |
hmmp-op |
Cisco IOS XE Release 3.1S |
|
|
HMP |
TCP/UDP |
20 |
Host Monitoring |
hmp |
Cisco IOS XE Release 3.1S |
|
|
HOPOPT |
TCP/UDP |
0 |
IPv6 Hop-by-Hop Option |
hopopt |
Cisco IOS XE Release 3.1S |
|
|
Hostname |
TCP/UDP |
101 |
NIC Host Name Server |
hostname |
Cisco IOS XE Release 3.1S |
|
|
HP-Alarm-Mgr |
TCP/UDP |
383 |
HP performance data alarm manager |
hp-alarm-mgr |
Cisco IOS XE Release 3.1S |
|
|
HP-Collector |
TCP/UDP |
381 |
HP performance data collector |
hp-collector |
Cisco IOS XE Release 3.1S |
|
|
HP-Managed-Node |
TCP/UDP |
382 |
HP performance data managed node |
hp-managed-node |
Cisco IOS XE Release 3.1S |
|
|
HTTP-ALT |
TCP/UDP |
8080 |
HTTP Alternate |
http-alt |
Cisco IOS XE Release 3.1S |
|
|
HTTP-Mgmt |
TCP/UDP |
280 |
http-mgmt |
http-mgmt |
Cisco IOS XE Release 3.1S |
|
|
HTTP-RPC-EPMAP |
TCP/UDP |
593 |
HTTP RPC Ep Map |
http-rpc-epmap |
Cisco IOS XE Release 3.1S |
|
|
Hybrid-POP |
TCP/UDP |
473 |
Hybrid-pop |
hybrid-pop |
Cisco IOS XE Release 3.1S |
|
|
Hyper-G |
TCP/UDP |
418 |
Hyper-g |
hyper-g |
Cisco IOS XE Release 3.1S |
|
|
Hyperwave-ISP |
TCP/UDP |
692 |
Hyperwave-isp |
hyperwave-isp |
Cisco IOS XE Release 3.1S |
|
|
IAFDBase |
TCP/UDP |
480 |
iafdbase |
iafdbase |
Cisco IOS XE Release 3.1S |
|
|
IAFServer |
TCP/UDP |
479 |
iafserver |
iafserver |
Cisco IOS XE Release 3.1S |
|
|
IASD |
TCP/UDP |
432 |
iasd |
iasd |
Cisco IOS XE Release 3.1S |
|
|
IATP |
TCP/UDP |
117 |
Interactive Agent Transfer Protocol |
iatp |
Cisco IOS XE Release 3.1S |
|
|
IBM-App |
TCP/UDP |
385 |
IBM Application |
ibm-app |
Cisco IOS XE Release 3.1S |
|
|
IBM-DB2 |
TCP/UDP |
523 |
IBM-DB2 |
ibm-db2 |
Cisco IOS XE Release 3.1S |
|
|
IBProtocol |
TCP/UDP |
6714 |
Internet Backplane Protocol |
ibprotocol |
Cisco IOS XE Release 3.1S |
|
|
ICLCNet-Locate |
TCP/UDP |
886 |
ICL coNETion locate server |
iclcnet-locate |
Cisco IOS XE Release 3.1S |
|
|
ICLNet_SVInfo |
TCP/UDP |
887 |
ICL coNETion server info |
iclcnet_svinfo |
Cisco IOS XE Release 3.1S |
|
|
ICMP |
TCP/UDP |
1 |
Internet Control Message |
icmp |
Cisco IOS XE Release 3.1S |
|
|
IDFP |
TCP/UDP |
549 |
idfp |
idfp |
Cisco IOS XE Release 3.1S |
|
|
IDPR |
TCP/UDP |
35 |
Inter-Domain Policy Routing Protocol |
idpr |
Cisco IOS XE Release 3.1S |
|
|
IDPRr-CMTP |
TCP/UDP |
38 |
IDPR Control Message Transport Protocol |
idpr-cmtp |
Cisco IOS XE Release 3.1S |
|
|
IDRP |
TCP/UDP |
45 |
Inter-Domain Routing Protocol |
idrp |
Cisco IOS XE Release 3.1S |
|
|
IEEE-MMS |
TCP/UDP |
651 |
ieee-mms |
ieee-mms |
Cisco IOS XE Release 3.1S |
|
|
IEEE-MMS-SSL |
TCP/UDP |
695 |
ieee-mms-ssl |
ieee-mms-ssl |
Cisco IOS XE Release 3.1S |
|
|
IFMP |
TCP/UDP |
101 |
Ipsilon Flow Management Protocol |
ifmp |
Cisco IOS XE Release 3.1S |
|
|
IGRP |
TCP/UDP |
9 |
Cisco interior gateway |
igrp |
Cisco IOS XE Release 3.1S |
|
|
IIOP |
TCP/UDP |
535 |
iiop |
iiop |
Cisco IOS XE Release 3.1S |
|
|
IL |
TCP/UDP |
40 |
IL Transport Protocol |
il |
Cisco IOS XE Release 3.1S |
|
|
IMSP |
TCP/UDP |
406 |
Interactive Mail Support Protocol |
imsp |
Cisco IOS XE Release 3.1S |
|
|
InBusiness |
TCP/UDP |
244 |
Inbusiness |
inbusiness |
Cisco IOS XE Release 3.1S |
|
|
Infoseek |
TCP/UDP |
414 |
InfoSeek |
infoseek |
Cisco IOS XE Release 3.1S |
|
|
Ingres-Net |
TCP/UDP |
134 |
INGRES-NET Service |
ingres-net |
Cisco IOS XE Release 3.1S |
|
|
I-NLSP |
TCP/UDP |
52 |
Integrated Net Layer Security TUBA |
i-nlsp |
Cisco IOS XE Release 3.1S |
|
|
Intecourier |
TCP/UDP |
495 |
Intecourier |
intecourier |
Cisco IOS XE Release 3.1S |
|
|
Integra-SME |
TCP/UDP |
484 |
Integra Software Management Environment |
integra-sme |
Cisco IOS XE Release 3.1S |
|
|
Intrinsia |
TCP/UDP |
503 |
intrinsa |
intrinsa |
Cisco IOS XE Release 3.1S |
|
|
IPCD |
TCP/UDP |
576 |
ipcd |
ipcd |
Cisco IOS XE Release 3.1S |
|
|
IPComp |
TCP/UDP |
108 |
IP Payload Compression Protocol |
ipcomp |
Cisco IOS XE Release 3.1S |
|
|
IPCServer |
TCP/UDP |
600 |
Sun IPC server |
ipcserver |
Cisco IOS XE Release 3.1S |
|
|
IPCV |
TCP/UDP |
71 |
Internet Packet Core Utility |
ipcv |
Cisco IOS XE Release 3.1S |
|
|
IPDD |
TCP/UDP |
578 |
ipdd |
ipdd |
Cisco IOS XE Release 3.1S |
|
|
IPINIP |
TCP/UDP |
4 |
IP in IP |
ipinip |
Cisco IOS XE Release 3.1S |
|
|
IPIP |
TCP/UDP |
94 |
IP-within-IP Encapsulation Protocol |
ipip |
Cisco IOS XE Release 3.1S |
|
|
IPLT |
TCP/UDP |
129 |
IPLT |
iplt |
Cisco IOS XE Release 3.1S |
|
|
IPP |
TCP/UDP |
631 |
Internet Printing Protocol |
ipp |
Cisco IOS XE Release 3.1S |
|
|
IPPC |
TCP/UDP |
67 |
Internet Pluribus Packet Core |
ippc |
Cisco IOS XE Release 3.1S |
|
|
Ipv6-Frag |
TCP/UDP |
44 |
Fragment Header for IPv6 |
ipv6-frag |
Cisco IOS XE Release 3.1S |
|
|
Ipv6-ICMP |
TCP/UDP |
58 |
ICMP for IPv6 |
ipv6-icmp |
Cisco IOS XE Release 3.1S |
|
|
Ipv6INIP |
TCP/UDP |
41 |
Ipv6 encapsulated |
ipv6inip |
Cisco IOS XE Release 3.1S |
|
|
ipv6-NonXT |
TCP/UDP |
59 |
No Next Header for IPv6 |
ipv6-nonxt |
Cisco IOS XE Release 3.1S |
|
|
Ipv6-OPTS |
TCP/UDP |
60 |
Destination Options for IPv6 |
ipv6-opts |
Cisco IOS XE Release 3.1S |
|
|
Ipv6-Route |
TCP/UDP |
43 |
Routing Header for IPv6 |
ipv6-route |
Cisco IOS XE Release 3.1S |
|
|
IRC |
TCP/UDP |
194 |
Internet Relay Chat |
irc |
Cisco IOS XE Release 3.1S |
|
|
IRC-SERV |
TCP/UDP |
529 |
IRC-SERV |
irc-serv |
Cisco IOS XE Release 3.1S |
|
|
IRTP |
TCP/UDP |
28 |
Internet Reliable Transaction |
irtp |
Cisco IOS XE Release 3.1S |
|
|
IS99C |
TCP/UDP |
379 |
TIA/EIA/IS-99 modem client |
is99c |
Cisco IOS XE Release 3.1S |
|
|
IS99S |
TCP/UDP |
380 |
TIA/EIA/IS-99 modem server |
is99s |
Cisco IOS XE Release 3.1S |
|
|
ISAKMP |
UDP |
500, 4500 |
Internet Security Association & Key Management Protocol |
isakmp |
Cisco IOS XE Release 3.1S |
|
|
ISI-GI |
TCP/UDP |
55 |
ISI Graphics Language |
isi-gl |
Cisco IOS XE Release 3.1S |
|
|
ISIS |
TCP/UDP |
124 |
ISIS over IPv4 |
isis |
Cisco IOS XE Release 3.1S |
|
|
ISO-ILL |
TCP/UDP |
499 |
ISO ILL Protocol |
iso-ill |
Cisco IOS XE Release 3.1S |
|
|
ISO-IP |
TCP/UDP |
147 |
iso-ip |
iso-ip |
Cisco IOS XE Release 3.1S |
|
|
ISO-TP0 |
TCP/UDP |
146 |
iso-tp0 |
iso-tp0 |
Cisco IOS XE Release 3.1S |
|
|
ISO-TP4 |
TCP/UDP |
29 |
ISO Transport Protocol Class 4 |
iso-tp4 |
Cisco IOS XE Release 3.1S |
|
|
ISO-TSAP |
TCP/UDP |
102 |
ISO-TSAP Class 0 |
iso-tsap |
Cisco IOS XE Release 3.1S |
|
|
ISO-TSAP-C2 |
TCP/UDP |
399 |
ISO Transport Class 2 Non-Control |
iso-tsap-c2 |
Cisco IOS XE Release 3.1S |
|
|
ITM-MCELL-S |
TCP/UDP |
828 |
itm-mcell-s |
itm-mcell-s |
Cisco IOS XE Release 3.1S |
|
|
IXP-IN-IP |
TCP/UDP |
111 |
IPX in IP |
ixp-in-ip |
Cisco IOS XE Release 3.1S |
|
|
Jargon |
TCP/UDP |
148 |
Jargon |
jargon |
Cisco IOS XE Release 3.1S |
|
|
Kali |
TCP/UDP |
2213 |
Kali |
kali |
Cisco IOS XE Release 3.1S |
|
|
K-Block |
TCP/UDP |
287 |
K-block |
k-block |
Cisco IOS XE Release 3.1S |
|
|
Keyserver |
TCP/UDP |
584 |
Key Server |
keyserver |
Cisco IOS XE Release 3.1S |
|
|
KIS |
TCP/UDP |
186 |
KIS Protocol |
kis |
Cisco IOS XE Release 3.1S |
|
|
Klogin |
TCP/UDP |
543 |
klogin |
klogin |
Cisco IOS XE Release 3.1S |
|
|
Knet-CMP |
TCP/UDP |
157 |
KNET/VM Command/Message Protocol |
knet-cmp |
Cisco IOS XE Release 3.1S |
|
|
Konspire2b |
TCP/UDP |
6085 |
Konspire2b p2p network |
Konspire2b |
Cisco IOS XE Release 3.1S |
|
|
Kpasswd |
TCP/UDP |
464 |
Kpasswd |
kpasswd |
Cisco IOS XE Release 3.1S |
|
|
Kryptolan |
TCP/UDP |
398 |
Kryptolan |
kryptolan |
Cisco IOS XE Release 3.1S |
|
|
Kshell |
TCP/UDP |
544 |
Kshell |
kshell |
Cisco IOS XE Release 3.1S |
|
|
L2TP |
TCP/UDP |
1701 |
l2tp |
l2tp |
Cisco IOS XE Release 3.1S |
|
|
LA-Maint |
TCP/UDP |
51 |
IMP Logical Address Maintenance |
la-maint |
Cisco IOS XE Release 3.1S |
|
|
LANServer |
TCP/UDP |
637 |
lanserver |
lanserver |
Cisco IOS XE Release 3.1S |
|
|
LARP |
TCP/UDP |
91 |
Locus Address Resolution Protocol |
larp |
Cisco IOS XE Release 3.1S |
|
|
LDAP |
TCP/UDP |
389 |
Lightweight Directory Access Protocol |
ldap |
Cisco IOS XE Release 3.1S |
|
|
LDP |
TCP/UDP |
646 |
LDP |
ldp |
Cisco IOS XE Release 3.1S |
|
|
Leaf-1 |
TCP/UDP |
25 |
Leaf-1 |
leaf-1 |
Cisco IOS XE Release 3.1S |
|
|
Leaf-2 |
TCP/UDP |
26 |
Leaf-2 |
leaf-2 |
Cisco IOS XE Release 3.1S |
|
|
Legent-1 |
TCP/UDP |
373 |
Legent Corporation |
legent-1 |
Cisco IOS XE Release 3.1S |
|
|
Legent-2 |
TCP/UDP |
374 |
Legent Corporation |
legent-2 |
Cisco IOS XE Release 3.1S |
|
|
LJK-Login |
TCP/UDP |
472 |
ljk-login |
ljk-login |
Cisco IOS XE Release 3.1S |
|
|
Lockd |
TCP/UDP |
4045 |
NFS Lock Daemon Manager |
lockd |
Cisco IOS XE Release 3.1S |
|
|
Locus-Con |
TCP/UDP |
127 |
Locus PC-Interface Conn Server |
locus-con |
Cisco IOS XE Release 3.1S |
|
|
Locus-Map |
TCP/UDP |
125 |
Locus PC-Interface Net Map Ser |
locus-map |
Cisco IOS XE Release 3.1S |
|
|
MAC-SRVR-Admin |
TCP/UDP |
660 |
MacOS Server Admin |
mac-srvr-admin |
Cisco IOS XE Release 3.1S |
|
|
Magenta-Logic |
TCP/UDP |
313 |
Magenta-logic |
magenta-logic |
Cisco IOS XE Release 3.1S |
|
|
Mailbox-LM |
TCP/UDP |
505 |
Mailbox-lm |
mailbox-lm |
Cisco IOS XE Release 3.1S |
|
|
Mailq |
TCP/UDP |
174 |
MAILQ |
mailq |
Cisco IOS XE Release 3.1S |
|
|
Maitrd |
TCP/UDP |
997 |
Maitrd |
maitrd |
Cisco IOS XE Release 3.1S |
|
|
MANET |
TCP/UDP |
138 |
MANET Protocols |
manet |
Cisco IOS XE Release 3.1S |
|
|
MasqDialer |
TCP/UDP |
224 |
Masqdialer |
masqdialer |
Cisco IOS XE Release 3.1S |
|
|
Matip-Type-A |
TCP/UDP |
350 |
MATIP Type A |
matip-type-a |
Cisco IOS XE Release 3.1S |
|
|
Matip-Type-B |
TCP/UDP |
351 |
MATIP Type B |
matip-type-b |
Cisco IOS XE Release 3.1S |
|
|
MCIDAS |
TCP/UDP |
112 |
McIDAS Data Transmission Protocol |
mcidas |
Cisco IOS XE Release 3.1S |
|
|
MCNS-Sec |
TCP/UDP |
638 |
mcns-sec |
mcns-sec |
Cisco IOS XE Release 3.1S |
|
|
MDC-Portmapper |
TCP/UDP |
685 |
mdc-portmapper |
mdc-portmapper |
Cisco IOS XE Release 3.1S |
|
|
MeComm |
TCP/UDP |
668 |
MeComm |
mecomm |
Cisco IOS XE Release 3.1S |
|
|
MeRegister |
TCP/UDP |
669 |
MeRegister |
meregister |
Cisco IOS XE Release 3.1S |
|
|
Merit-INP |
TCP/UDP |
32 |
MERIT Internodal Protocol |
merit-inp |
Cisco IOS XE Release 3.1S |
|
|
Meta5 |
TCP/UDP |
393 |
Meta5 |
meta5 |
Cisco IOS XE Release 3.1S |
|
|
Metagram |
TCP/UDP |
99 |
Metagram |
metagram |
Cisco IOS XE Release 3.1S |
|
|
Meter |
TCP/UDP |
570 |
Meter |
meter |
Cisco IOS XE Release 3.1S |
|
|
Mfcobol |
TCP/UDP |
86 |
Micro Focus Cobol |
mfcobol |
Cisco IOS XE Release 3.1S |
|
|
MFE-NSP |
TCP/UDP |
31 |
MFE Network Services Protocol |
mfe-nsp |
Cisco IOS XE Release 3.1S |
|
|
MFTP |
TCP/UDP |
349 |
mftp |
mftp |
Cisco IOS XE Release 3.1S |
|
|
Micom-PFS |
TCP/UDP |
490 |
Micom-pfs |
micom-pfs |
Cisco IOS XE Release 3.1S |
|
|
MICP |
TCP/UDP |
95 |
Mobile Internetworking Control Pro. |
micp |
Cisco IOS XE Release 3.1S |
|
|
Micromuse-LM |
TCP/UDP |
1534 |
micromuse-lm |
micromuse-lm |
Cisco IOS XE Release 3.1S |
|
|
MIT-DOV |
TCP/UDP |
91 |
MIT Dover Spooler |
mit-dov |
Cisco IOS XE Release 3.1S |
|
|
MIT-ML-Dev |
TCP/UDP |
83 |
MIT ML Device |
mit-ml-dev |
Cisco IOS XE Release 3.1S |
|
|
Mobile |
TCP/UDP |
55 |
IP Mobility |
mobile |
Cisco IOS XE Release 3.1S |
|
|
MobileIP-Agent |
TCP/UDP |
434 |
mobileip-agent |
mobileip-agent |
Cisco IOS XE Release 3.1S |
|
|
MobilIP-MN |
TCP/UDP |
435 |
mobilip-mn |
mobilip-mn |
Cisco IOS XE Release 3.1S |
|
|
Mondex |
TCP/UDP |
471 |
Mondex |
mondex |
Cisco IOS XE Release 3.1S |
|
|
Monitor |
TCP/UDP |
561 |
Monitor |
monitor |
Cisco IOS XE Release 3.1S |
|
|
Mortgageware |
TCP/UDP |
367 |
Mortgageware |
mortgageware |
Cisco IOS XE Release 3.1S |
|
|
MPLS-IN-IP |
TCP/UDP |
137 |
MPLS-in-IP |
mpls-in-ip |
Cisco IOS XE Release 3.1S |
|
|
MPM |
TCP/UDP |
45 |
Message Processing Module |
mpm |
Cisco IOS XE Release 3.1S |
|
|
MPM-Flags |
TCP/UDP |
44 |
MPM FLAGS Protocol |
mpm-flags |
Cisco IOS XE Release 3.1S |
|
|
MPM-SND |
TCP/UDP |
46 |
MPM [default send] |
mpm-snd |
Cisco IOS XE Release 3.1S |
|
|
MPP |
TCP/UDP |
218 |
Netix Message Posting Protocol |
mpp |
Cisco IOS XE Release 3.1S |
|
|
MPTN |
TCP/UDP |
397 |
Multi Protocol Transport Network |
mptn |
Cisco IOS XE Release 3.1S |
|
|
MRM |
TCP/UDP |
679 |
mrm |
mrm |
Cisco IOS XE Release 3.1S |
|
|
MSDP |
TCP/UDP |
639 |
msdp |
msdp |
Cisco IOS XE Release 3.1S |
|
|
MSExch-Routing |
TCP/UDP |
691 |
MS Exchange Routing |
msexch-routing |
Cisco IOS XE Release 3.1S |
|
|
MSFT-GC |
TCP/UDP |
3268 |
Microsoft Global Catalog |
msft-gc |
Cisco IOS XE Release 3.1S |
|
|
MSFT-GC-SSL |
TCP/UDP |
3269 |
Microsoft Global Catalog with LDAP/SSL |
msft-gc-ssl |
Cisco IOS XE Release 3.1S |
|
|
MSG-AUTH |
TCP/UDP |
31 |
msg-auth |
msg-auth |
Cisco IOS XE Release 3.1S |
|
|
MSG-ICP |
TCP/UDP |
29 |
msg-icp |
msg-icp |
Cisco IOS XE Release 3.1S |
|
|
MSNP |
TCP/UDP |
1863 |
msnp |
msnp |
Cisco IOS XE Release 3.1S |
|
|
MS-OLAP |
TCP/UDP |
2393 |
Microsoft OLAP |
ms-olap |
Cisco IOS XE Release 3.1S |
|
|
MSP |
TCP/UDP |
18 |
Message Send Protocol |
msp |
Cisco IOS XE Release 3.1S |
|
|
MS-Rome |
TCP/UDP |
569 |
Microsoft rome |
ms-rome |
Cisco IOS XE Release 3.1S |
|
|
MS-Shuttle |
TCP/UDP |
568 |
Microsoft shuttle |
ms-shuttle |
Cisco IOS XE Release 3.1S |
|
|
MS-SQLl-M |
TCP/UDP |
1434 |
Microsoft-SQL-Monitor |
ms-sql-m |
Cisco IOS XE Release 3.1S |
|
|
MS-wbt |
TCP |
3389/Heuristic |
Microsoft Windows based Terminal Services |
ms-wbt |
Cisco IOS XE Release 3.4S |
|
|
MTP |
TCP/UDP |
92 |
Multicast Transport Protocol |
mtp |
Cisco IOS XE Release 3.1S |
|
|
Multiling-HTTP |
TCP/UDP |
777 |
Multiling HTTP |
multiling-http |
Cisco IOS XE Release 3.1S |
|
|
Multiplex |
TCP/UDP |
171 |
Network Innovations Multiplex |
multiplex |
Cisco IOS XE Release 3.1S |
|
|
Mumps |
TCP/UDP |
188 |
Plus Fives MUMPS |
mumps |
Cisco IOS XE Release 3.1S |
|
|
MUX |
TCP/UDP |
18 |
Multiplexing |
mux |
Cisco IOS XE Release 3.1S |
|
|
Mylex-MAPD |
TCP/UDP |
467 |
mylex-mapd |
mylex-mapd |
Cisco IOS XE Release 3.1S |
|
|
MySQL |
TCP/UDP |
3306 |
MySQL |
mysql |
Cisco IOS XE Release 3.1S |
|
|
Name |
TCP/UDP |
42 |
Host Name Server |
name |
Cisco IOS XE Release 3.1S |
|
|
NAMP |
TCP/UDP |
167 |
namp |
namp |
Cisco IOS XE Release 3.1S |
|
|
NARP |
TCP/UDP |
54 |
NBMA Address Resolution Protocol |
narp |
Cisco IOS XE Release 3.1S |
|
|
NAS |
TCP/UDP |
991 |
Netnews Administration System |
nas |
Cisco IOS XE Release 3.1S |
|
|
NCED |
TCP/UDP |
404 |
nced |
nced |
Cisco IOS XE Release 3.1S |
|
|
NCLD |
TCP/UDP |
405 |
ncld |
ncld |
Cisco IOS XE Release 3.1S |
|
|
NCP |
TCP/UDP |
524 |
NCP |
ncp |
Cisco IOS XE Release 3.1S |
|
|
NDSAuth |
TCP/UDP |
353 |
NDSAUTH |
ndsauth |
Cisco IOS XE Release 3.1S |
|
|
Nest-Protocol |
TCP/UDP |
489 |
Nest-protocol |
nest-protocol |
Cisco IOS XE Release 3.1S |
|
|
Net8-CMAN |
TCP/UDP |
1830 |
Oracle Net8 CMan Admin |
net8-cman |
Cisco IOS XE Release 3.1S |
|
|
Net-Assistant |
TCP/UDP |
3283 |
net-assistant |
net-assistant |
Cisco IOS XE Release 3.1S |
|
|
Netblt |
TCP/UDP |
30 |
Bulk Data Transfer Protocol |
netblt |
Cisco IOS XE Release 3.1S |
|
|
NetGW |
TCP/UDP |
741 |
netgw |
netgw |
Cisco IOS XE Release 3.1S |
|
|
NetNews |
TCP/UDP |
532 |
readnews |
netnews |
Cisco IOS XE Release 3.1S |
|
|
NetRCS |
TCP/UDP |
742 |
Network based RCS |
netrcs |
Cisco IOS XE Release 3.1S |
|
|
NetRJS-1 |
TCP/UDP |
71 |
Remote Job Service |
netrjs-1 |
Cisco IOS XE Release 3.1S |
|
|
NetRJS-2 |
TCP/UDP |
72 |
Remote Job Service |
netrjs-2 |
Cisco IOS XE Release 3.1S |
|
|
NetRJS-3 |
TCP/UDP |
73 |
Remote Job Service |
netrjs-3 |
Cisco IOS XE Release 3.1S |
|
|
NetRJS-4 |
TCP/UDP |
74 |
Remote Job Service |
netrjs-4 |
Cisco IOS XE Release 3.1S |
|
|
NETSC-Dev |
TCP/UDP |
155 |
NETSC |
netsc-dev |
Cisco IOS XE Release 3.1S |
|
|
NETSC-Prod |
TCP/UDP |
154 |
NETSC |
netsc-prod |
Cisco IOS XE Release 3.1S |
|
|
NetViewDM1 |
TCP/UDP |
729 |
IBM NetView M |
netviewdm1 |
Cisco IOS XE Release 3.1S |
|
|
NetviewDM2 |
TCP/UDP |
730 |
IBM NetView DM |
netviewdm2 |
Cisco IOS XE Release 3.1S |
|
|
NetviewDM3 |
TCP/UDP |
731 |
IBM NetView DM |
netviewdm3 |
Cisco IOS XE Release 3.1S |
|
|
Netwall |
TCP/UDP |
533 |
for emergency broadcasts |
netwall |
Cisco IOS XE Release 3.1S |
|
|
Netware-IP |
TCP/UDP |
396 |
Novell Netware over IP |
netware-ip |
Cisco IOS XE Release 3.1S |
|
|
New-RWHO |
TCP/UDP |
550 |
new who |
new-rwho |
Cisco IOS XE Release 3.1S |
|
|
NextStep |
TCP/UDP |
178 |
NextStep Window Server |
nextstep |
Cisco IOS XE Release 3.1S |
|
|
NFS |
TCP/UDP |
2049 |
Network File System |
nfs |
Cisco IOS XE Release 3.1S |
|
|
NicName |
TCP/UDP |
43 |
Who Is |
nicname |
Cisco IOS XE Release 3.1S |
|
|
NI-FTP |
TCP/UDP |
47 |
NI FTP |
ni-ftp |
Cisco IOS XE Release 3.1S |
|
|
NI-Mail |
TCP/UDP |
61 |
NI MAIL |
ni-mail |
Cisco IOS XE Release 3.1S |
|
|
Nlogin |
TCP/UDP |
758 |
nlogin |
nlogin |
Cisco IOS XE Release 3.1S |
|
|
NMAP |
TCP/UDP |
689 |
nmap |
nmap |
Cisco IOS XE Release 3.1S |
|
|
NMSP |
TCP/UDP |
537 |
Networked Media Streaming Protocol |
nmsp |
Cisco IOS XE Release 3.1S |
|
|
NNSP |
TCP/UDP |
433 |
nnsp |
nnsp |
Cisco IOS XE Release 3.1S |
|
|
Notes |
TCP/UDP |
1352 |
Lotus Notes(R) |
notes |
Cisco IOS XE Release 3.1S |
|
|
NovaStorBakcup |
TCP/UDP |
308 |
Novastor Backup |
novastorbakcup |
Cisco IOS XE Release 3.1S |
|
|
NPMP-GUI |
TCP/UDP |
611 |
npmp-gui |
npmp-gui |
Cisco IOS XE Release 3.1S |
|
|
NPMP-Local |
TCP/UDP |
610 |
npmp-local |
npmp-local |
Cisco IOS XE Release 3.1S |
|
|
NPMP-Trap |
TCP/UDP |
609 |
npmp-trap |
npmp-trap |
Cisco IOS XE Release 3.1S |
|
|
NPP |
TCP/UDP |
92 |
Network Printing Protocol |
npp |
Cisco IOS XE Release 3.1S |
|
|
NQS |
TCP/UDP |
607 |
nqs |
nqs |
Cisco IOS XE Release 3.1S |
|
|
NS |
TCP/UDP |
760 |
ns |
ns |
Cisco IOS XE Release 3.1S |
|
|
NSFNET-IGP |
TCP/UDP |
85 |
NSFNET-IGP |
nsfnet-igp |
Cisco IOS XE Release 3.1S |
|
|
NSIIOPS |
TCP/UDP |
261 |
IIOP Name Service over TLS/SSL |
nsiiops |
Cisco IOS XE Release 3.1S |
|
|
NSRMP |
TCP/UDP |
359 |
Network Security Risk Management Protocol |
nsrmp |
Cisco IOS XE Release 3.1S |
|
|
NSS-Routing |
TCP/UDP |
159 |
NSS-Routing |
nss-routing |
Cisco IOS XE Release 3.1S |
|
|
NSW-FE |
TCP/UDP |
27 |
NSW User System FE |
nsw-fe |
Cisco IOS XE Release 3.1S |
|
|
Ntalk |
TCP/UDP |
518 |
Ntalk |
ntalk |
Cisco IOS XE Release 3.1S |
|
|
NTP |
TCP/ UDP |
123 |
Network Time Protocol |
ntp |
12.0(5)XE2 12.1(1)E 12.1(5)T 12.2(18)ZYA1 Cisco IOS XE Release 2.3 Cisco IOS XE Release 3.1S |
|
|
NVP-II |
TCP/UDP |
11 |
Network Voice Protocol |
nvp-ii |
Cisco IOS XE Release 3.1S |
|
|
NXEdit |
TCP/UDP |
126 |
nxedit |
nxedit |
Cisco IOS XE Release 3.1S |
|
|
OBCBinder |
TCP/UDP |
183 |
ocbinder |
ocbinder |
Cisco IOS XE Release 3.1S |
|
|
OBEX |
TCP/UDP |
650 |
obex |
obex |
Cisco IOS XE Release 3.1S |
|
|
ObjCall |
TCP/UDP |
94 |
Tivoli Object Dispatcher |
objcall |
Cisco IOS XE Release 3.1S |
|
|
OCS_AMU |
TCP/UDP |
429 |
ocs_amu |
ocs_amu |
Cisco IOS XE Release 3.1S |
|
|
OCS_CMU |
TCP/UDP |
428 |
ocs_cmu |
ocs_cmu |
Cisco IOS XE Release 3.1S |
|
|
OCServer |
TCP/UDP |
184 |
ocserver |
ocserver |
Cisco IOS XE Release 3.1S |
|
|
ODMR |
TCP/UDP |
366 |
odmr |
odmr |
Cisco IOS XE Release 3.1S |
|
|
OHIMSRV |
TCP/UDP |
506 |
ohimsrv |
ohimsrv |
Cisco IOS XE Release 3.1S |
|
|
OLSR |
TCP/UDP |
698 |
olsr |
olsr |
Cisco IOS XE Release 3.1S |
|
|
OMGInitialRefs |
TCP/UDP |
900 |
omginitialrefs |
omginitialrefs |
Cisco IOS XE Release 3.1S |
|
|
OMServ |
TCP/UDP |
764 |
omserv |
omserv |
Cisco IOS XE Release 3.1S |
|
|
ONMUX |
TCP/UDP |
417 |
onmux |
onmux |
Cisco IOS XE Release 3.1S |
|
|
Opalis-RDV |
TCP/UDP |
536 |
Opalis-rdv |
opalis-rdv |
Cisco IOS XE Release 3.1S |
|
|
Opalis-Robot |
TCP/UDP |
314 |
oOpalis-robot |
opalis-robot |
Cisco IOS XE Release 3.1S |
|
|
OPC-Job-Start |
TCP/UDP |
423 |
IBM Operations Planning and Control Start |
opc-job-start |
Cisco IOS XE Release 3.1S |
|
|
OPC-Job-Track |
TCP/UDP |
424 |
IBM Operations Planning and Control Track |
opc-job-track |
Cisco IOS XE Release 3.1S |
|
|
Openport |
TCP/UDP |
260 |
Openport |
openport |
Cisco IOS XE Release 3.1S |
|
|
OpenVMS-Sysipc |
TCP/UDP |
557 |
Openvms-sysipc |
openvms-sysipc |
Cisco IOS XE Release 3.1S |
|
|
OracleNames |
TCP/UDP |
1575 |
Oraclenames |
oraclenames |
Cisco IOS XE Release 3.1S |
|
|
OracleNet8CMAN |
TCP/UDP |
1630 |
Oracle Net8 Cman |
oraclenet8cman |
Cisco IOS XE Release 3.1S |
|
|
ORA-Srv |
TCP/UDP |
1525 |
Oracle TCP/IP Listener |
ora-srv |
12.2(18)ZYA 12.2(18)ZYA Cisco IOS XE Release 3.1S |
|
|
Orbix-Config |
TCP/UDP |
3076 |
Orbix 2000 Config |
orbix-config |
Cisco IOS XE Release 3.1S |
|
|
Orbix-Locator |
TCP/UDP |
3075 |
Orbix 2000 Locator |
orbix-locator |
Cisco IOS XE Release 3.1S |
|
|
Orbix-Loc-SSL |
TCP/UDP |
3077 |
Orbix 2000 Locator SSL |
orbix-loc-ssl |
Cisco IOS XE Release 3.1S |
|
|
OSPF |
TCP/UDP |
89 |
Open Shortest Path First |
ospf |
Cisco IOS XE Release 3.1S |
|
|
OSU-NMS |
TCP/UDP |
192 |
OSU Network Monitoring System |
osu-nms |
Cisco IOS XE Release 3.1S |
|
|
Parsec-Game |
TCP/UDP |
6582 |
Parsec Gameserver |
parsec-game |
Cisco IOS XE Release 3.1S |
|
|
Passgo |
TCP/UDP |
511 |
Passgo |
passgo |
Cisco IOS XE Release 3.1S |
|
|
Passgo-Tivoli |
TCP/UDP |
627 |
Passgo-tivoli |
passgo-tivoli |
Cisco IOS XE Release 3.1S |
|
|
Password-Chg |
TCP/UDP |
586 |
Password Change |
password-chg |
Cisco IOS XE Release 3.1S |
|
|
Pawserv |
TCP/UDP |
345 |
Perf Analysis Workbench |
pawserv |
Cisco IOS XE Release 3.1S |
|
|
PCMail-SRV |
TCP/UDP </ |