The following table lists the supported IPv4 and IPv6 match criteria.
Criteria |
Description |
|---|---|
dst-port |
Matches the specified port value against the destination port number of the UDP or TCP packet header. |
flow-label |
Matches the IPv6 flow label. |
fragment |
Matches fragmented or non-fragmented IP packet. |
next-header |
Matches the specified upper-layer protocol (such as TCP, UDP, or IGMPv6) against the next-header field of the IPv6 packet header. "*" can be used to specify a TCP or UDP upper-layer protocol match (logical OR). Next-header matching also allows matching on presence of a subset of IPv6 extension headers. See Management Access Filter commands for details about which extension header match is supported. |
l4-source-port |
Matches the specified port value against the L4 source port number of the UDP or TCP packet header. |
protocol |
Matches the specified protocol against the Protocol field in the IPv4 packet header (for example, TCP, UDP, or IGMP) of the outer IPv4. "*" can be used to specify TCP or UDP upper-layer protocol match (logical OR). |
router |
Matches the router instance that packets are ingressing from for this filter entry. |
src-ip |
Matches the specified source IPv4 or IPv6 address prefix and mask against the source IPv4 or IPv6 address field in the IP packet header. |
src-port |
Matches packets that are ingressing from this port. |