Filter
Location in GUI: Tenants
» XXX
» Contracts
» Filters
Diagram
Section titled “Diagram”Classes
Section titled “Classes”tenants (apic)
Section titled “tenants (apic)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
filters | List | [filters] | No |
filters (apic.tenants)
Section titled “filters (apic.tenants)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
alias | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
entries | List | [entries] | No |
entries (apic.tenants.filters)
Section titled “entries (apic.tenants.filters)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
alias | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
ethertype | Choice | unspecified , ipv4 , trill , arp , ipv6 , mpls_ucast , mac_security , fcoe , ip | No | ip |
protocol | Any | Integer[min: 0 , max: 255 ] or Choice[unspecified , icmp , igmp , tcp , egp , igp , udp , icmpv6 , eigrp , ospfigp , pim , l2tp ] | No | tcp |
source_from_port | Any | Integer[min: 0 , max: 65535 ] or Choice[unspecified , ftpData , smtp , dns , http , pop3 , https , rtsp , ssh ] | No | unspecified |
source_to_port | Any | Integer[min: 0 , max: 65535 ] or Choice[unspecified , ftpData , smtp , dns , http , pop3 , https , rtsp , ssh ] | No | |
destination_from_port | Any | Integer[min: 0 , max: 65535 ] or Choice[unspecified , ftpData , smtp , dns , http , pop3 , https , rtsp , ssh ] | No | unspecified |
destination_to_port | Any | Integer[min: 0 , max: 65535 ] or Choice[unspecified , ftpData , smtp , dns , http , pop3 , https , rtsp , ssh ] | No | |
stateful | Boolean | true , false | No | false |
Examples
Section titled “Examples”Examlpe-1: This configures a basic filter FILTER1
with a single HTTP
entry, which matches traffic with the ethertype of ip
, protocol of tcp
, and a destination port of 80
for HTTP. The destination port can be a range between destination_from_port and destination_to_port, and they are both set to the same value to only match a single port and not a range.
apic: tenants: - name: ABC filters: - name: FILTER1 entries: - name: HTTP ethertype: ip protocol: tcp destination_from_port: 80 destination_to_port: 80
Example-2: This configures a filter WEB
with multiple entries to match related traffic, such as entry 1 being for HTTP
and the second named HTTPS
. The HTTP
entry matches traffic with the ethertype of ip
, protocol of tcp
, and a destination port of 80
for HTTP. The HTTPS
entry matches traffic with the ethertype of ip
, protocol of tcp
, and a destination port of 443
for HTTP. This allows for the logical grouping of related types of traffic into a single filter for flexibility where a number of different ports are related to a given service. Another similar example could be backup traffic.
apic: tenants: - name: ABC filters: - name: WEB description: Matches HTTP and HTTPS traffic entries: - name: HTTP ethertype: ip protocol: tcp destination_from_port: 80 destination_to_port: 80 - name: HTTPS ethertype: ip protocol: tcp destination_from_port: 443 destination_to_port: 443
Examlpe-3: This configures a filter K8S
which demonstrates the use of a range of ports. This example allows TCP ports between destination_from_port 10250
to destination_to_port 10259
for Kubernetes as an example.
apic: tenants: - name: ABC filters: - name: WEB description: Matches K8S ports entries: - name: HTTP ethertype: ip protocol: tcp destination_from_port: 10250 destination_to_port: 10259
Example-4: This configures a WEB
filter with source_from_port and source_to_port set to 80
with the ethertype being ip
and the protocol tcp
. While it is not common to define the source ports, this can be useful when used with uni-directional contracts to selectively match differen types of traffic in a given direction (provider or consumer). Such a filter may be used with the web EPG being the consumer, where it initiates a request from the web server.
apic: tenants: - name: ABC filters: - name: WEB description: Matches HTTP traffic as the source port entries: - name: HTTP ethertype: ip protocol: tcp source_from_port: 80 source_to_port: 80