filter add/Edit ipv4
filter add ipv4 - Add an IPv4 filter configuration
filter edit ipv4 - Change an IPv4 filter configuration
Description:
With these commands, you can create a new filter or change the parameters of an existing filter instance.
Syntax:
filter {add|edit} ipv4 <filter-name> {
{name <filter-name>} |
{dst-ipv4-addr <ip-addr> {disable | enable} } |
{dst-ipv4-mask <ip-addr>} |
{src-ipv4-addr <ip-addr> {disable | enable} } |
{src-ipv4-mask <ip-addr>} |
{protocol <0-255> {disable | enable}} |
{header-length <0-15> {disable | enable}} |
{ttl <0-255> {disable | enable}} |
{ip-cos-mode {dscp-mode | precedence-mode}} |
{dscp <0-63> {disable | enable}} |
{dscp-last <0-63> {disable | enable}} |
{dscp-oper {lt | gt | eq | range}} |
{precedence <0-7> {disable | enable}} |
{precedence-last <0-7> {disable | enable}} |
{precedence-oper {lt | gt | eq | range}} |
{ecn <0-3> {disable | enable}} |
{icmp-type <0-255> {disable | enable}} |
{icmp-code <0-255> {disable | enable}} |
{destination-port <0-65535> {disable | enable}} |
{destination-port-last <0-65535> {disable | enable}} |
{destination-port-oper {eq | range}} |
{source-port <0-65535> {disable | enable}} |
{source-port-last <0-65535> {disable | enable}} |
{source-port-oper {eq | range}} |
{vlanstack-size <0-3> {disable | enable}} |
{vlan1-cfi <0-1> {disable | enable}} |
{vlan2-cfi <0-1> {disable | enable}} |
{vlan1-id <0-4095> {disable | enable}} |
{vlan1-id-last <0-4095> {disable | enable}} |
{vlan1-id-oper {lt | gt | eq | range}} |
{vlan2-id <0-4095> {disable | enable}} |
{vlan2-id-last <0-4095> {disable | enable}} |
{vlan2-id-oper {lt | gt | eq | range}} |
{vlan1-priority <0-7> {disable | enable} } |
{vlan1-priority-last <0-7> {disable | enable}} |
{vlan1-priority-oper {lt | gt | eq | range}} |
{vlan2-priority <0-7> {disable | enable}} |
{vlan2-priority-last <0-7> {disable | enable}} |
{vlan2-priority-oper {lt | gt | eq | range}} |
{vlan1-ethertype {c-vlan | s-vlan | t-vlan | any | disable}} |
{vlan2-ethertype {c-vlan | s-vlan | t-vlan | any | disable}} }+
Parameters:
| Parameter | Description |
|---|---|
| <filter-name> | <string> |
| name | A unique name to identify the filter. |
| disable | enable | To enable or disable the field in the check. |
| dst-ipv4-addr | The IPv4 destination address. |
| dst-ipv4-mask | Wildcard mask to be applied to the IPv4 destination address. Valid masks are prefixes from 0 to 32 bits (e.g., 0.0.0.0 - 255.255.255.255). |
| src-ipv4-addr | The IPv4 source address. |
| src-ipv4-mask | Wildcard mask to be applied to the IPv4 source address. Valid masks are prefixes from 0 to 32 bits (e.g., 0.0.0.0 - 255.255.255.255). |
| protocol | Layer 4 protocol value (0 - 255). |
| header-length | IPv4 header length in 32-bit units (5 - 15). |
| ttl | IPv4 time-to-live value (0 - 255). |
| icmp-type | ICMP type (0 - 255). |
| icmp-code | ICMP code (0 - 255). |
| destination-port | Destination port for TCP and UDP protocols (0 - 65535). |
| destination-port-last | Destination port last value, used in range operation. |
| destination-port-oper | Destination port operator. Valid operator types are: eq (equal) or range (inclusive range). |
| source-port | Source port for TCP and UDP protocols (0 - 65535). |
| source-port-last | Source port last value, used in range operation. |
| source-port-oper | Source port operator. Valid operator types are: eq (equal) or range (inclusive range). |
| ip-qos-mode | Choose between DSCP (RFC2474) or precedence (RFC791) interpretation for the IP TOS field. |
| dscp | The Diff-Serv CodePoint value (0 - 63). |
| dscp-last | The last DSCP value, used in range operation. |
| dscp-oper | Diff-Serv CodePoint operator. Valid operator types are: gt (greater than), lt (less than), eq (equal), or range (inclusive range). |
| precedence | The Precedence value (0 - 7). |
| precedence-last | The last Precedence value, used in range operation. |
| precedence-oper | Precedence field operator. Valid operator types are: gt (greater than), lt (less than), eq (equal), or range (inclusive range). |
| ecn | Explicit Congestion Notification value (0 - 3). |
| vlanstack-size | Indicates the number of VLAN tags that packets must have in order to match this filter (0 - 3). |
| vlan1-cfi | First VLAN CFI may be 0 or 1. It is usually set to 0. |
| vlan2-cfi | Second VLAN CFI may be 0 or 1. It is usually set to 0. |
| vlan1-id | First VLAN ID may be any value between 0 and 4095. |
| vlan1-id-last | First VLAN ID last value, used in range operation. |
| vlan1-id-oper | First VLAN ID operator. Valid operator types are: gt (greater than), lt (less than), eq (equal), or range (inclusive range). |
| vlan2-id | Second VLAN ID may be any value between 0 and 4095. |
| vlan2-id-last | Second VLAN ID last value, used in range operation. |
| vlan2-id-oper | Second VLAN ID operator. Valid operator types are: gt (greater than), lt (less than), eq (equal), or range (inclusive range). |
| vlan1-priority | First VLAN priority can vary between 0 and 7. |
| vlan1-priority-last | First VLAN priority last value, used in range operation. |
| vlan1-priority-oper | First VLAN priority operator. Valid operator types are: gt (greater than), lt (less than), eq (equal), or range (inclusive range). |
| vlan2-priority | Second VLAN priority can vary between 0 and 7. |
| vlan2-priority-last | Second VLAN priority last value, used in range operation. |
| vlan2-priority-oper | Second VLAN priority operator. Valid operator types are: gt (greater than), lt (less than), eq (equal), or range (inclusive range). |
| vlan1-ethertype | First VLAN Ethertype, identifying the type of the following VLAN, or accepting any. |
| vlan2-ethertype | Second VLAN Ethertype, identifying the type of the following VLAN, or accepting any. |
filter add/Edit ipv6
filter add ipv6 - Add an IPv6 filter configuration
filter edit ipv6 - Change an IPv6 filter configuration
Description:
With these commands, you can create a new filter or change the parameters of an existing filter instance.
Syntax:
filter {add|edit} ipv6 <filter-name> {
{name <filter-name>} |
{dst-ipv6-addr <ip-addr> {disable | enable} } |
{dst-ipv6-prefix <0-128>} |
{src-ipv6-addr <ip-addr> {disable | enable} } |
{src-ipv6-prefix <0-128>} |
{next-header <0-255> {disable | enable}} |
{hop-limit <0-255> {disable | enable}} |
{ip-cos-mode {dscp-mode | precedence-mode}} |
{dscp <0-63> {disable | enable}} |
{dscp-last <0-63> {disable | enable}} |
{dscp-oper {lt | gt | eq | range}} |
{precedence <0-7> {disable | enable}} |
{precedence-last <0-7> {disable | enable}} |
{precedence-oper {lt | gt | eq | range}} |
{icmp-type <0-255> {disable | enable}} |
{icmp-code <0-255> {disable | enable}} |
{destination-port <0-65535> {disable | enable}} |
{destination-port-last <0-65535> {disable | enable}} |
{destination-port-oper {eq | range}} |
{source-port <0-65535> {disable | enable}} |
{source-port-last <0-65535> {disable | enable}} |
{source-port-oper {eq | range}} |
{vlan1-cfi <0-1> {disable | enable}} |
{vlan2-cfi <0-1> {disable | enable}} |
{vlan1-id <0-4095> {disable | enable}} |
{vlan1-id-last <0-4095> {disable | enable}} |
{vlan1-id-oper {lt | gt | eq | range}} |
{vlan2-id <0-4095> {disable | enable}} |
{vlan2-id-last <0-4095> {disable | enable}} |
{vlan2-id-oper {lt | gt | eq | range}} |
{vlan1-priority <0-7> {disable | enable} } |
{vlan1-priority-last <0-7> {disable | enable}} |
{vlan1-priority-oper {lt | gt | eq | range}} |
{vlan2-priority <0-7> {disable | enable}} |
{vlan2-priority-last <0-7> {disable | enable}} |
{vlan2-priority-oper {lt | gt | eq | range}} |
{vlan1-ethertype {c-vlan | s-vlan | both | disable}} |
{vlan2-ethertype {c-vlan | s-vlan | both | disable}} }+
Parameters:
| Parameter | Description |
|---|---|
| <filter-name> | <string> |
| name | A unique name to identify the filter. |
| disable | enable | To enable or disable the field in the check. |
| dst-ipv6-addr | The IPv6 destination address. |
| dst-ipv6-prefix | Prefix length to be applied to the IPv6 destination address. Valid prefixes are from 0 to 128. |
| src-ipv6-addr | The IPv6 source address. |
| src-ipv6-prefix | Prefix length to be applied to the IPv6 source address. Valid prefixes are from 0 to 128. |
| next-header | Next header value (0 - 255). |
| hop-limit | Hop limit value (0 - 255). |
| icmp-type | ICMP type (0 - 255). |
| icmp-code | ICMP code (0 - 255). |
| destination-port | Destination port for UDP protocol (0 - 65535). |
| source-port | Source port for UDP protocol (0 - 65535). |
| ip-qos-mode | Choose between DSCP (RFC2474) or precedence (RFC791) interpretation for the IP TOS field. |
| dscp | The Diff-Serv CodePoint value (0 - 63). |
| dscp-last | The last DSCP value, used in range operation. |
| dscp-oper | Diff-Serv CodePoint operator. Valid operator types are: gt (greater than), lt (less than), eq (equal), or range (inclusive range). |
| precedence | The Precedence value (0 - 7). |
| precedence-last | The last Precedence value, used in range operation. |
| precedence-oper | Precedence field operator. Valid operator types are: gt (greater than), lt (less than), eq (equal), or range (inclusive range). |
| ecn | Explicit Congestion Notification value (0 - 3). |
| vlan1-cfi | First VLAN CFI may be 0 or 1. It is usually set to 0. |
| vlan2-cfi | Second VLAN CFI may be 0 or 1. It is usually set to 0. |
| vlan1-id | First VLAN ID may be any value between 0 and 4095. |
| vlan1-id-last | First VLAN ID last value, used in range operation. |
| vlan1-id-oper | First VLAN ID operator. Valid operator types are: gt (greater than), lt (less than), eq (equal), or range (inclusive range). |
| vlan2-id | Second VLAN ID may be any value between 0 and 4095. |
| vlan2-id-last | Second VLAN ID last value, used in range operation. |
| vlan2-id-oper | Second VLAN ID operator. Valid operator types are: gt (greater than), lt (less than), eq (equal), or range (inclusive range). |
| vlan1-priority | First VLAN priority can vary between 0 and 7. |
| vlan1-priority-last | First VLAN priority last value, used in range operation. |
| vlan1-priority-oper | First VLAN priority operator. Valid operator types are: gt (greater than), lt (less than), eq (equal), or range (inclusive range). |
| vlan2-priority | Second VLAN priority can vary between 0 and 7. |
| vlan2-priority-last | Second VLAN priority last value, used in range operation. |
| vlan2-priority-oper | Second VLAN priority operator. Valid operator types are: gt (greater than), lt (less than), eq (equal), or range (inclusive range). |
| vlan1-ethertype | First VLAN Ethertype, identifying the following VLAN if we expect a C-VLAN, S-VLAN, or accept both. |
| vlan2-ethertype | Second VLAN Ethertype, identifying the following VLAN if we expect a C-VLAN, S-VLAN, or accept both. |
filter add/edit l2
filter add l2 - Add a Layer 2 filter configuration
filter edit l2 - Change a Layer 2 filter configuration
Description:
With these commands, you can create a new filter or change the parameters of an existing filter instance.
Syntax:
filter {add|edit} l2 <filter-name> {
{name <filter-name>} |
{dst-mac-addr <mac-addr> {disable | enable} } |
{dst-mac-mask <mac-addr>} |
{src-mac-addr <mac-addr> {disable | enable} } |
{src-mac-mask <mac-addr>} |
{ethertype <0-65535> {disable | enable} } |
{vlanstack-size <0-3> {disable | enable}} |
{vlan1-cfi <0-1> {disable | enable}} |
{vlan2-cfi <0-1> {disable | enable}} |
{vlan1-id <0-4095> {disable | enable}} |
{vlan1-id-last <0-4095> {disable | enable}} |
{vlan1-id-oper {lt | gt | eq | range}} |
{vlan2-id <0-4095> {disable | enable}} |
{vlan2-id-last <0-4095> {disable | enable}} |
{vlan2-id-oper {lt | gt | eq | range}} |
{vlan1-priority <0-7> {disable | enable}} |
{vlan1-priority-last <0-7> {disable | enable}} |
{vlan1-priority-oper {lt | gt | eq | range}} |
{vlan2-priority <0-7> {disable | enable}} |
{vlan2-priority-last <0-7> {disable | enable}} |
{vlan2-priority-oper {lt | gt | eq | range}}
{vlan1-ethertype {c-vlan | s-vlan | t-vlan | any | disable}} |
{vlan2-ethertype {c-vlan | s-vlan | t-vlan | any | disable}} |
{ip-cos-mode {dscp-mode | precedence-mode}} |
{dscp <0-63> {disable | enable}} |
{dscp-last <0-63> {disable | enable}} |
{dscp-oper {lt | gt | eq | range}} |
{precedence <0-7> {disable | enable}} |
{precedence-last <0-7> {disable | enable}} |
{precedence-oper {lt | gt | eq | range}} }+
Parameters:
| Parameter | Description |
|---|---|
| <filter-name> | <string> |
| name | A unique name to identify the filter. |
| disable | enable | To enable or disable the field in the check. |
| dst-mac-addr | Ethernet MAC destination address. |
| dst-mac-mask | Wildcard mask to be applied to the MAC destination address. Valid mask is a prefix of 16, 24, 25, 45, 48, or multicast bits (e.g., FF:FF:00:00:00:00, FF:FF:FF:FF:FF:FF, 01:00:00:00:00:00). |
| src-mac-addr | Ethernet MAC source address. |
| src-mac-mask | Wildcard mask to be applied to the MAC source address. Valid mask is a prefix of 16, 24, 25, 45, 48, or multicast bits (e.g., FF:FF:00:00:00:00, FF:FF:FF:FF:FF:FF, 01:00:00:00:00:00). |
| ethertype | The encapsulated Ethernet type identifies the 16-bit sub-protocol label field or the original IEEE 802.3 length field. |
| vlanstack-size | Indicates the number of VLAN tags that packets must have in order to match this filter (0 - 3). |
| vlan1-cfi | First VLAN CFI may be 0 or 1. It is usually set to 0. |
| vlan2-cfi | Second VLAN CFI may be 0 or 1. It is usually set to 0. |
| vlan1-id | First VLAN ID may be any value between 0 and 4095. |
| vlan1-id-last | First VLAN ID last value, used in range operation. |
| vlan1-id-oper | First VLAN ID operator. Valid operator types are: gt (greater than), lt (less than), eq (equal), or range (inclusive range). |
| vlan2-id | Second VLAN ID may be any value between 0 and 4095. |
| vlan2-id-last | Second VLAN ID last value, used in range operation. |
| vlan2-id-oper | Second VLAN ID operator. Valid operator types are: gt (greater than), lt (less than), eq (equal), or range (inclusive range). |
| vlan1-priority | First VLAN priority can vary between 0 and 7. |
| vlan1-priority-last | First VLAN priority last value, used in range operation. |
| vlan1-priority-oper | First VLAN priority operator. Valid operator types are: gt (greater than), lt (less than), eq (equal), or range (inclusive range). |
| vlan2-priority | Second VLAN priority can vary between 0 and 7. |
| vlan2-priority-last | Second VLAN priority last value, used in range operation. |
| vlan2-priority-oper | Second VLAN priority operator. Valid operator types are: gt (greater than), lt (less than), eq (equal), or range (inclusive range). |
| vlan1-ethertype | First VLAN Ethertype, identifying the following VLAN if a specific type is expected or if any type is accepted. |
| vlan2-ethertype | Second VLAN Ethertype, identifying the following VLAN if a specific type is expected or if any type is accepted. |
| ip-qos-mode | Choose between DSCP (RFC2474) or precedence (RFC791) interpretation for the IP TOS field. |
| dscp | The Diff-Serv CodePoint value (0 - 63). |
| dscp-last | The last DSCP value, used in range operation. |
| dscp-oper | Diff-Serv CodePoint operator. Valid operator types are: gt (greater than), lt (less than), eq (equal), or range (inclusive range). |
| precedence | The Precedence value (0 - 7). |
| precedence-last | The last Precedence value, used in range operation. |
| precedence-oper | Precedence field operator. Valid operator types are: gt (greater than), lt (less than), eq (equal), or range (inclusive range). |
filter delete ipv4
filter delete ipv4 - Delete the specified IPv4 filter
Description:
filter delete ipv4 will delete the specified IPv4 filter.
Syntax:
filter delete ipv4 <filter-name>
Parameters:
| Parameter | Description |
|---|---|
| <filter-name> | <string> |
filter delete ipv6
filter delete ipv6 - Delete the specified IPv6 filter
Description:
filter delete ipv6 will delete the specified IPv6 filter.
Syntax:
filter delete ipv6 <filter-name>
Parameters:
| Parameter | Description |
|---|---|
| <filter-name> | <string> |
filter delete l2
filter delete l2 - Delete the specified Layer 2 filter
Description:
filter delete l2 will delete the specified Layer 2 filter.
Syntax:
filter delete l2 <filter-name>
Parameters:
| Parameter | Description |
|---|---|
| <filter-name> | <string> |
filter show l2/ipv4/ipv6
filter show - Show filter configuration
Description:
This command displays a filter configuration. Specifying a filter name provides detailed configuration about this filter. If not, the command displays summary configuration for all filters.
Syntax:
filter show {l2 | ipv4 | ipv6} [<filter-name>]
Parameters:
| Parameter | Description |
|---|---|
| <filter-name> | <string> |
© 2025 Cisco and/or its affiliates. All rights reserved.
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms
For legal information about Accedian Skylight products, please visit: Accedian legal terms and tradmarks