cts role-based policy trace
interface type slot/port
Optional. Specifies the source interface type, slot, and physical port number.

protocol name | wellknown_port_num
Specifies either the host-to-host protocol name or its well-known port number when UDP or TCP is selected as the Internet Protocol. Supported protocols and their associated well-known port numbers are as follows:
0 to 65535—Protocol Port number space.
biff—Biff (mail notification, comsat, 512)
bootpc—Bootstrap Protocol (BOOTP) client (68)
bootps—Bootstrap Protocol (BOOTP) server (67)
discard—Discard (9)
dnsix—DNSIX security protocol auditing (195)
domain—Domain Name Service (DNS, 53)
echo—Echo (7)
isakmp—Internet Security Association and Key Management Protocol (500)
mobile-ip—Mobile IP registration (434)
nameserver—IEN116 name service (obsolete, 42)
netbios-dgm—NetBios datagram service (138)
netbios-ns—NetBios name service (137)
netbios-ss—NetBios session service (139)
non500-isakmp—Internet Security Association and Key Management Protocol (4500)
ntp—Network Time Protocol (123)
pim-auto-rp—PIM Auto-RP (496)
rip—Routing Information Protocol (router, in.routed, 520)
snmp—Simple Network Management Protocol (161)
snmptrap—SNMP Traps (162)
sunrpc—Sun Remote Procedure Call (111)
syslog—System Logger (514)
tacacs—TAC Access Control System (49)
talk—Talk (517)
tftp—Trivial File Transfer Protocol (69)
time—Time (37)
who—Who service (rwho, 513)
xdmcp—X Display Manager Control Protocol (177)

eq
Boolean operator (equals). Matches packets with the specified host-to-host protocol or well-known port number from the specified host or interface. Used only for TCP and UDP packets.

dest_host ip_address
Specifies the IP address and port of the destination host.

Cisco TrustSec Configuration Guide
Chapter 7
Cisco TrustSec Command Summary
OL-22192-01