Skip to content

Filter

Location in GUI: Tenants » XXX » Contracts » Filters

Diagram
NameTypeConstraintMandatoryDefault Value
filtersList[filters]No

NameTypeConstraintMandatoryDefault Value
nameStringRegex: ^[a-zA-Z0-9_.:-]{1,64}$Yes
aliasStringRegex: ^[a-zA-Z0-9_.:-]{1,64}$No
descriptionStringRegex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$No
entriesList[entries]No

NameTypeConstraintMandatoryDefault Value
nameStringRegex: ^[a-zA-Z0-9_.:-]{1,64}$Yes
aliasStringRegex: ^[a-zA-Z0-9_.:-]{1,64}$No
ethertypeChoiceunspecified, ipv4, trill, arp, ipv6, mpls_ucast, mac_security, fcoe, ipNoip
protocolAnyInteger[min: 0, max: 255] or Choice[unspecified, icmp, igmp, tcp, egp, igp, udp, icmpv6, eigrp, ospfigp, pim, l2tp]Notcp
source_from_portAnyInteger[min: 0, max: 65535] or Choice[unspecified, ftpData, smtp, dns, http, pop3, https, rtsp, ssh]Nounspecified
source_to_portAnyInteger[min: 0, max: 65535] or Choice[unspecified, ftpData, smtp, dns, http, pop3, https, rtsp, ssh]No
destination_from_portAnyInteger[min: 0, max: 65535] or Choice[unspecified, ftpData, smtp, dns, http, pop3, https, rtsp, ssh]Nounspecified
destination_to_portAnyInteger[min: 0, max: 65535] or Choice[unspecified, ftpData, smtp, dns, http, pop3, https, rtsp, ssh]No
statefulBooleantrue, falseNofalse

Examlpe-1: This configures a basic filter FILTER1 with a single HTTP entry, which matches traffic with the ethertype of ip, protocol of tcp, and a destination port of 80 for HTTP. The destination port can be a range between destination_from_port and destination_to_port, and they are both set to the same value to only match a single port and not a range.

apic:
tenants:
- name: ABC
filters:
- name: FILTER1
entries:
- name: HTTP
ethertype: ip
protocol: tcp
destination_from_port: 80
destination_to_port: 80

Example-2: This configures a filter WEB with multiple entries to match related traffic, such as entry 1 being for HTTP and the second named HTTPS. The HTTP entry matches traffic with the ethertype of ip, protocol of tcp, and a destination port of 80 for HTTP. The HTTPS entry matches traffic with the ethertype of ip, protocol of tcp, and a destination port of 443 for HTTP. This allows for the logical grouping of related types of traffic into a single filter for flexibility where a number of different ports are related to a given service. Another similar example could be backup traffic.

apic:
tenants:
- name: ABC
filters:
- name: WEB
description: Matches HTTP and HTTPS traffic
entries:
- name: HTTP
ethertype: ip
protocol: tcp
destination_from_port: 80
destination_to_port: 80
- name: HTTPS
ethertype: ip
protocol: tcp
destination_from_port: 443
destination_to_port: 443

Examlpe-3: This configures a filter K8S which demonstrates the use of a range of ports. This example allows TCP ports between destination_from_port 10250 to destination_to_port 10259 for Kubernetes as an example.

apic:
tenants:
- name: ABC
filters:
- name: WEB
description: Matches K8S ports
entries:
- name: HTTP
ethertype: ip
protocol: tcp
destination_from_port: 10250
destination_to_port: 10259

Example-4: This configures a WEB filter with source_from_port and source_to_port set to 80 with the ethertype being ip and the protocol tcp. While it is not common to define the source ports, this can be useful when used with uni-directional contracts to selectively match differen types of traffic in a given direction (provider or consumer). Such a filter may be used with the web EPG being the consumer, where it initiates a request from the web server.

apic:
tenants:
- name: ABC
filters:
- name: WEB
description: Matches HTTP traffic as the source port
entries:
- name: HTTP
ethertype: ip
protocol: tcp
source_from_port: 80
source_to_port: 80