DISPLAY TCPIP,,NETSTAT
REPORT TRUNCATED DUE TO GREATER THAN 65533 LINES OF OUTPUT
You can use the MAX parameter or filter parameters to limit the number
of records that are displayed for a report.Format
>>-Display --TCPIP--,--+----------+--,--------------------------> '-procname-' >----Netstat,--+-ACCess,NETWork--+---------+-----------------------------+----> | '-,ipaddr-' | | (1) (2) (3) (4) (5) (6) (7) | +-ALL-+--------+------------------------------------------+ | '-SERVER-' | | (1) (2) (3) (4) (5) (6) (7) (8) | +-ALLConn-+-----------+-----------------------------------+ | '-,APPLDATA-' | +-ARp--+----------+---------------------------------------+ | '-,netaddr-' | | (1) (3) (4) | +-BYTEinfo--+-----------+---------------------------------+ | '-,IDLETIME-' | +-CACHinfo------------------------------------------------+ +-CONFIG--------------------------------------------------+ | .---------------. | | V | (1) (2) (3) (4) (5) (6) (7) (8) | +-COnn----+-----------+-+---------------------------------+ | +-,APPLDATA-+ | | '-,SERVER---' | +-DEFADDRT------------------------------------------------+ | (7) (9) | +-DEvlinks--+----------------------+----------------------+ | +-,PNETID=--+-pnetid-+-+ | | | '-*------' | | | '-,SMC-----------------' | | (9) | +-HOme----------------------------------------------------+ | (10) | +-IDS--+----------------------+---------------------------+ | +-,SUMmary-------------+ | | '-,PROTOcol=--protocol-' | | (3) | +-ND------------------------------------------------------+ | (2) | +-PORTList------------------------------------------------+ | .-,SUMmary---------------. (3) (11) (12) | +-RESCache--+------------------------+--------------------+ | +-,DETAIL--+-----------+-+ | | | '-,NEGative-' | | | '-,SUMmary--+------+-----' | | '-,DNS-' | | .--------------------------. | | (3) V | | +-ROUTe--------+----------------------+-+-----------------+ | +-,ADDRTYPE=--+-IPV4-+-+ | | | '-IPV6-' | | | +-,DETAIL--------------+ | | +-,IQDIO---------------+ | | +-,PR=--+-ALL----+-----+ | | | '-prname-' | | | +-,QDIOACCEL-----------+ | | +-,RADV----------------+ | | '-,RSTAT---------------' | | (1) (2) (3) (4) (5) | +-SOCKets-------------------------------------------------+ +-SRCIP---------------------------------------------------+ | (13) | +-STATS-------+----------------------+--------------------+ | '-,PROTOcol=--protocol-' | | .-,GRoup-------------------. | +-TTLS--+--------------------------+----------------------+ | +-,COnn=connid-+---------+-+ | | | '-,DETAIL-' | | | '-,GRoup--+---------+------' | | '-,DETAIL-' | | (2) (3) (5) | +-VCRT--+---------+---------------------------------------+ | '-,DETAIL-' | | (2) (3) (5) | +-VDPT--+---------+---------------------------------------+ | '-,DETAIL-' | | (3) | +-VIPADCFG--+---------+-----------------------------------+ | '-,DETAIL-' | '-VIPADyn-+------------+----------------------------------' +-,DVIPA-----+ '-,VIPAROUTE-' >--+----------------------------------------------------+------>< | (6) | +-,APPLD=appldata------------------------------------+ | (1) | +-,CLIent=--client-----------------------------------+ | (8) | +-,CONNType=--+-NOTTLSPolicy-------------------+-----+ | '-TTLSPolicy--+----------------+-' | | +-,CURRent-------+ | | +-,GRoup=groupid-+ | | '-,STALE---------' | | (11) | +-,DNSAddr=dnsipaddr---------------------------------+ | (12) | +-,HOSTName=hostname---------------------------------+ | (9) | +-,INTFName=--intfname-------------------------------+ | (3) | +-,IPAddr=-+-ipaddr------------+---------------------+ | +-ipaddr/prefixLen--+ | | '-ipaddr/subnetmask-' | | (5) | +-,IPPort=-ipaddr+portnum----------------------------+ | (4) | +-,NOTN3270------------------------------------------+ | (2) | +-,POrt=--portnum------------------------------------+ | (7) | '-,SMCID=-+-smcid-+----------------------------------' '-*-----' (14) |--+---------------------+--+-------------+---------------------| '-,FORMat=--+-LONG--+-' +-,MAX=*------+ '-SHORT-' '-,MAX=--recs-'
- The CLIent filter is valid only with ALL, ALLConn, BYTEinfo, COnn, and SOCKets.
- The POrt filter is valid only with ALL, ALLConn, COnn, PORTList, SOCKets, VCRT, and VDPT.
- The IPAddr filter is valid only with ALL, ALLConn, BYTEinfo, COnn, ND, RESCache, ROUTe, SOCKets, VCRT, VDPT, and VIPADCFG.
- The NOTN3270 filter is valid only with ALL, ALLConn, BYTEinfo, COnn, and SOCKets.
- The IPPort filter is valid only with ALL, ALLConn, COnn, SOCKets, VCRT, and VDPT.
- The APPLD filter is valid only with ALL, ALLConn, and COnn.
- The SMCID filter is valid only with ALL, ALLConn, COnn, and DEvlinks.
- The CONNType filter is valid only with ALLConn and COnn.
- The INTFName filter is valid only with DEvlinks and HOme.
- The valid protocol values are TCP and UDP.
- The DNSAddr select string is valid only with RESCache.
- The HOSTName select string is valid only with RESCache.
- The valid protocol values are IP, ICMP, TCP, and UDP.
- If the MAX parameter is not specified on the command, the default value for the MAX parameter is the value of the MAXRECS parameter on the GLOBALCONFIG profile statement.
Parameters
- Netstat
- Request NETSTAT information.
- ACCess,NETWork
- Displays information about the network access tree in TCP/IP.
- ALL
- Displays detailed information about TCP connections and UDP sockets,
including some that were recently closed.
- SERVER
- Provides detailed information only for TCP connections that are in the listen state.
- ALLConn
- Displays information for all TCP/IP connections, including recently
closed ones.
- APPLDATA
- Displays application data in the output report.
- ARp
- Displays ARP cache information.
- netaddr
- This field has a maximum length of 15. Format is nnn.nnn.nnn.nnn where nnn is in the range 0 - 255. You must code all the triplets. No wildcards are allowed.
- BYTEinfo
- Displays the byte-count information about each active TCP connection
and UDP socket. At the end of the report, the number of records written
and the total number of records are displayed. The total number of
records represents all UDP sockets and all TCP connections, not just
active TCP connections.
- IDLETIME
- Displays the idle time for each connection.
- CACHinfo
- Displays information about Fast Response Cache Accelerator statistics. Statistics are displayed for each listening socket configured for Fast Response Cache Accelerator support. There is one section displayed per socket.
- CONFIG
- Displays TCP/IP configuration data.
- COnn
- Displays information about each active TCP/IP connection. At the
end of the report, the number of records written and the total number
of records are displayed. The total number of records represents all
UDP sockets and all TCP connections, not just active TCP connections.
- APPLDATA
- Displays application data in the output report.
- SERVER
- Displays detailed information about TCP connections in the listen state.
- DEFADDRT
- Displays the policy table for IPv6 default address selection.
- DEvlinks
- Displays information about interfaces in the TCP/IP address space.
- PNETID=pnetid
- Displays information about interfaces for the specified physical network ID (pnetid). If an asterisk (*) is specified for the PNETID value, all interfaces with a PNETID are displayed. This modifier is mutually exclusive with the SMC modifier.
- SMC
- Displays only Shared Memory Communications (SMC) information.
- For Shared Memory Communications over Remote Direct Memory Access (SMC-R), displays information only about RDMA network interface card (RNIC) interfaces and their associated SMC-R link groups and SMC-R links.
- For Shared Memory Communications - Direct Memory Access (SMC-D), displays information only about Internal Shared Memory (ISM) interfaces and their associated SMC-D links.
Tip: If the INTFName/-K filter is specified with the SMC modifier, the SMC-R link group information is not displayed.
- HOme
- Displays the home list.
- IDS
- Displays information about intrusion detection services.
- SUMmary
- Displays summary information about intrusion detection services.
- PROTOcol=protocol
- Displays information about intrusion detection services for the specified protocol. The valid protocols are TCP and UDP.
- ND
- Displays IPv6 Neighbor Discovery cache information.
- PORTList
- Displays the list of reserved ports and the port access control
configuration for unreserved ports. Configure port access control
for unreserved ports by specifying PORT profile statements with the
port number value replaced by the keyword UNRSV. For more information
about port access control, see port access
control information in z/OS Communications Server: IP Configuration Guide.
For ports that are reserved by the PORTRANGE profile statement, only one output line is displayed for each range.
- RESCache
- Displays information about the operation of the system-wide resolver
cache. This information is not specific to the TCP/IP stack whose
name was specified on the D TCPIP command. Statistical information,
such as number of record entries or number of cache queries, can be
retrieved, or detailed information about some or all of the cache
entries can be retrieved. Resolver caching is configured using resolver
configuration statements in the resolver setup file. For more information
about resolver caching, see details about resolver
caching in z/OS Communications Server: IP Configuration Guide.
- DETAIL
- Display detailed information for all unexpired entries that are
currently in the resolver cache. This information can include the
following contents:
- Host-name-to-IP address entries from resolver forward lookups
- IP-address-to-host-name entries from resolver reverse lookups
- Negative entries included in both forward and reverse lookup tables
- NEGative
- Display detailed information for all negative cache entries in the resolver cache.
- SUMmary
- Display general system statistics for resolver cache operations.
This is the default report for the RESCACHE report option.
- DNS
- Display general system statistics for resolver cache operations, plus individual statistics for each DNS name server that has provided information that is currently stored in the cache.
Result: Using the DETAIL modifier might cause a large amount of data to be displayed from the MVS™ console. As an alternative, consider using either the z/OS® UNIX shell or TSO version of the command when you have large amount of resolver cache information.
- ROUTe
- Displays routing information. For a complete description of ROUTe,
see Netstat ROUTe/-r report. Note: Static routes over deleted interfaces are removed from the main routing table and therefore do not appear in the reports generated for the main routing table. Loopback routes are displayed as well as implicit (HOME list) routes.
- ADDRTYPE
- Displays routing information.
- IPV4
- Displays IPv4 routing information. This parameter is mutually exclusive with the RADV parameter.
- IPV6
- Displays IPv6 routing information.
- DETAIL
- Displays the preceding information plus the metric or cost of
use for the route, and displays the following MVS-specific configured parameters for each route:
- Maximum retransmit time
- Minimum retransmit time
- Round-trip gain
- Variance gain
- Variance multiplier
- PR
- Displays policy-based routing tables. This parameter is mutually
exclusive with the QDIOACCEL and IQDIO parameters.
- ALL
- Displays all policy-based routing tables.
- prname
- Displays the policy-based routing table that has the name prname.
Restriction: Only active policy-based routing tables can be displayed with the Netstat ROUTe command. A policy-based routing table is active if an active routing rule and its associated action reference the policy-based routing table. You can display both active and inactive policy-based routing tables by using the pasearch command. For more information, see The z/OS UNIX pasearch command: Display policies. - QDIOACCEL
- IQDIO
- Displays routes that are eligible for accelerated routing by using the QDIO Accelerator or HiperSockets™ Accelerator. See information about QDIO Accelerator and efficient routing using HiperSockets Accelerator in z/OS Communications Server: IP Configuration Guide for more details. This parameter is mutually exclusive with the DETAIL, PR, RADV, and RSTAT parameters.
- RADV
- Displays all of the IPv6 routes that are added based on information received in router advertisement messages. All IPv6 router advertisement routes are displayed regardless of whether they are currently used for routing. The flags and reference count are not displayed on the report. This parameter is mutually exclusive with the RSTAT, QDIOACCEL, IQDIO, and ADDRTYPE=IPV4 parameters.
- RSTAT
- Displays all of the static routes that are defined as replaceable. All defined replaceable static routes are displayed without regard to whether they are currently being used for routing. The flags and reference count are not displayed on the report. The MTU value that is displayed in this report is the value that was defined by using the MTU parameter in the ROUTE statement, or the default value for the specified interface type. This parameter is mutually exclusive with the RADV, QDIOACCEL, and IQDIO parameters.
- SOCKets
- Displays information for open TCP or UDP sockets that are associated with a client name.
- SRCIP
- Displays information for all job-specific and destination-specific source IP address associations on the TCP/IP address space.
- STATS
- Displays TCP/IP statistics for each protocol.
- PROTOcol=protocol
- Displays statistics for the specified protocol. The valid protocols are IP, ICMP, TCP, and
UDP.Result: If you specify TCP, you get TCP, SMC-R, and SMC-D statistics.
- TTLS
- Displays Application Transparent Transport Layer Security (AT-TLS)
information for TCP protocol connections.
- COnn=connid
- Displays the name of the AT-TLS policy rule and the names of
the associated actions for the specified connection. The specified connid is a number assigned by the TCP/IP stack
to uniquely identify a socket entity. You can determine the connid from the Conn column in the Netstat ALLConn/-a report.
- DETAIL
- Displays the AT-TLS policy rule and the associated actions for the specified connection.
- GRoup
- Displays summary information for AT-TLS groups. AT-TLS groups
are defined using the TTLSGroupAction policy statement. The AT-TLS
group exists as long as the TTLSGroupAction statement is current or
as long as there are active connections using the group.
- DETAIL
- Displays detailed information for AT-TLS groups.
- VCRT
- Displays the dynamic VIPA Connection Routing Table information.
- DETAIL
- For each entry that represents an established dynamic VIPA connection
or an affinity created by the passive-mode FTP, displays the preceding
information plus the policy rule, action information, routing information,
and acceleration information.
For each entry that represents an affinity created by the TIMEDAFFINITY parameter on the VIPADISTRIBUTE profile statement, displays the preceding information plus the affinity related information.
- VDPT
- Displays the dynamic VIPA Destination Port Table information.
- DETAIL
- If this optional keyword is specified, when the table for TCP/IP
stacks is displayed, the output contains policy action information,
target responsiveness values, and a Workload Manager weight value
(W/Q), on a separate line. If the DETAIL keyword is not specified,
the output does not contain this information.
When the table for non-z/OS targets is displayed, the output contains the weight of the non-z/OS target. If the DETAIL keyword is not specified, the output does not contain this information.
- VIPADCFG
- Displays the current dynamic VIPA configuration information for a host.
- VIPADyn
- Displays the current dynamic VIPA and VIPAROUTE information for
a local host.
- DVIPA
- Displays the current dynamic VIPA information only.
- VIPAROUTE
- Displays the current VIPAROUTE information only.
- APPLD=appldata
- Filter the output of the ALL, ALLConn, and COnn reports by using the specified application data appldata. The maximum size for this field is 40 alphanumeric characters.
- CLIent=client
- Specifies a client name that is used to limit the ALL, ALLConn, BYTEinfo, COnn, and SOCKets responses. Maximum size for this field is 8 alphanumeric characters (plus special characters #, $, and @). Wildcards (* and ?) can appear in any position.
- CONNType
- Specifies a connection type to limit the ALLConn and COnn responses.
- NOTTLSPolicy
- Displays only those connections that have not been matched to
an Application Transparent Transport Layer Security (AT-TLS) rule.
This includes connections that were established while the AT-TLS function
was disabled (NOTTLS is specified or in effect by default on the TCPCONFIG
statement) and all connections that are not using the TCP protocol.
For TCP connections that were established while the AT-TLS function
was enabled, this includes the following connections:
- Connections for which AT-TLS policy lookup has not yet occurred (typically the first send or receive has not yet been issued ).
- Connections for which AT-TLS policy lookup has occurred but for which no matching rule was found.
- TTLSPolicy
- Displays only connections that match an Application Transparent
Transport Layer Security (AT-TLS) rule. This includes only connections
that were established while the AT-TLS function was enabled, for which
an AT-TLS policy rule was found with the value TTLSEnabled
ON or TTLSEnabled OFF specified in the TTLSGroupAction.
Responses can be further limited on AT-TLS connection type. AT-TLS
connection type has the following values:
- CURRent
- Displays only connections that are using AT-TLS where the rule and all actions are still available to be used for new connections.
- GRoup=groupid
- Displays only connections that are using the AT-TLS group specified by the groupid value. The specified groupid value is a number assigned by the TCP/IP stack to uniquely identify an AT-TLS group. You can determine the groupid value from the GroupID field in the Netstat TTLS GROUP report.
- STALE
- Displays only connections that are using AT-TLS where the rule or at least one action is no longer available to be used for new connections.
- DNSAddr=dnsipaddr
- Filter the output of the RESCache report using the specified DNS IP address dnsipaddr.
- HOSTName=hostname
- Filter the output of the RESCache report using the specified host name value hostname.
- INTFName=intfname
- Specifies a name that you can use to limit the DEvlinks and HOme
report options to a single interface or to a group of interfaces. For the DEvlinks and HOme report options, the INTFName filter can be one of the following values:
- The link name of a network interface that was configured on a LINK profile statement (this option selects one interface).
- The interface name of a network interface that was configured on an INTERFACE profile statement (this option selects one interface).
- The port name of an OSA-Express® feature in QDIO mode. This is the name that is specified on the PORTNAME keyword in the TRLE (this option selects all interfaces that are associated with the OSA-Express port, including an OSAENTA trace interface).
- The name of a HiperSockets TRLE (this option selects all interfaces that are associated with the HiperSockets TRLE).
Additionally, for the DEvlinks report option, the INTFName filter can also be the interface name of an OSAENTA trace interface, which is EZANTAportname, where the portname value is the name that is specified on the PORTNAME keyword in the TRLE for the OSA-Express port that is being traced (this option selects one interface). The INTFName filter is not supported for the DEvlinks report if the PNETID modifier is specified.
- IPAddr
- Provides the option response on specified ipaddr, ipaddr/subnetmask or ipaddr/prefixlength
- ipaddr
- Provides the response for ALL, ALLConn, BYTEinfo, COnn, ND, RESCache, ROUTe, SOCKets, VCRT, and VDPT on the specified IP address (ipaddr). Except for the RESCache option, with IPv4 addresses, the default subnet mask 255.255.255.255 is used; for IPv6 addresses, the default prefix length 128 is used. The RECache option does not support any default subnet mask or default prefix length.
- ipaddr/subnetmask
- Provides the response for ALL, ALLConn, BYTEinfo, COnn, ROUTe, SOCKets, VCRT, and VDPT on the specified IP address with specified subnet mask (ipaddr/subnetmask). The IP address (ipaddr) in this format must be an IPv4 IP address.
- ipaddr/prefixlength
- Provides the response for ALL, ALLConn, BYTEinfo, COnn, ND, ROUTe, SOCKets, VCRT, and VDPT on the specified IP address and prefix length. For IPv4 addresses, the prefix length range is 1 - 32. For IPv6 addresses, the prefix length range is 1 - 128.
- IPPort=ipaddr+portnum
- Specifies the IP address and port that are used to limit the ALL, ALLConn, COnn, SOCKets, VCRT, and VDPT report options to the TCP local endpoints, TCP remote endpoints, or the UDP local endpoint. The specified IPv4 ipaddr value can be up to 15 characters in length, denoting a single IPv4 IP address; the specified IPv6 ipaddr value can be up to 45 characters in length, denoting a single IPv6 IP address. For TCP, the filter values ipaddr and portnum match any combination of the local and remote IP address and local and remote port.
- NOTN3270
- Provides the response of ALL, ALLConn, BYTEinfo, COnn, and SOCKets, excluding TN3270E Telnet server connections.
- POrt=portnum
- Specifies a port that is used to limit the ALL, ALLConn, COnn, PORTList, SOCKets, VCRT, and VDPT options. The port value range, for all options except the PORTLIST option, is 0 - 65535. No wildcards are allowed. For the PORTList option only, the port value range is 1 - 65535 and you can also filter on the keyword UNRSV.
- SMCID=smcid
- Specifies a Shared Memory Communications identifier that is used to limit the ALL, ALLConn, COnn, and DEvlinks report options. The identifier can represent an SMC-R link, SMC-R link group, or SMC-D link. If an asterisk (*) is specified for the filter value, Netstat provides output only for entries that are associated with SMC-R links, SMC-R link groups, and SMC-D links. The SMCID filter is not supported for the DEvlinks report if the PNETID modifier is specified.
- MAX=recs
- The maximum number of records for which Netstat displays information
on the console. The value recs indicates
the number of records that are displayed on each report. For example,
for the connection-related reports, a record is a TCP connection or
listener, or a UDP endpoint. Valid recs values are in the range 1 - 65535. Specify an asterisk (*) to display
information for all records on the console. If the number of output
lines exceeds the maximum number of lines for a multi-line WTO (Write
to Operator) message, the report output is truncated.
This parameter applies to the ACCess, ALL, ALLConn, ARp, BYTEinfo, CACHinfo, COnn, DEFADDRT, DEvlinks, HOme, IDS, ND, PORTList, RESCache, ROUTe, SOCKets, SRCIP, VCRT, VDPT, VIPADCFG, and VIPADyn reports. The following list shows the descriptions of variations in support for the parameter for specific reports:
- DEvlinks report - The parameter and the values in the n OF m RECORDS DISPLAYED output line apply only to network interfaces that are defined with DEVICE or INTERFACE profile statements. These parameters and values do not apply to the LAN group or to the OSA-Express network traffic analyzer information.
- HOme - The parameter and the values in the n OF m RECORDS DISPLAYED output line apply to the IP addresses that are displayed by the report.
If this parameter is specified, it overrides the MAXRECS parameter value on the GLOBALCONFIG profile statement. If this parameter is not specified, the number of records value used for the report is one of the following vlaues:- The MAXRECS parameter value that is specified on the GLOBALCONFIG TCP/IP profile statement.
- If the MAXRECS parameter is not specified, the MAXRECS parameter default value of 100 records.
If the report output is truncated, the n value specifies the number of records for which all output lines are successfully displayed.n OF m RECORDS DISPLAYED
Examples
DISPLAY TCPIP,,NETSTAT,ACCESS,NETWORK report
Use the DISPLAY TCPIP,,NETSTAT,ACCESS,NETWORK[,ipaddr] command to display the current NETACCESS profile statement configuration and associated security product information. When you specify the optional ipaddr value, the report is limited to the single NETACCESS entry, if any, that is currently being used by the stack for the specified IP address.
Parameters
- ipaddr
- A fully qualified IPv4 or IPv6 IP address. Wildcard IP address values are not supported. This value is used to display the NETACCESS profile statement entry that governs the specified ipaddr value.
Examples
Not IPv6 enabled (SHORT format):
NETWORK ACCESS INFORMATION
INBOUND: YES OUTBOUND: YES CACHE: ALL
NETWORK PREFIX ADDRESS MASK SAF NAME
DEFAULTHOME <NONE> DEFLTHOM
PRFNM: EZB.NETACCESS.MVS00111.TCPCS100.DEFLTHOM SECLABEL: SYSMULTI
DEFAULT <NONE> DEFLT
PRFNM: EZB.NETACCESS.*.*.* SECLABEL: OUTSIDER
10.0.0.0 255.0.0.0 SITENET
PRFNM: EZB.NETACCESS.*.*.SITE* SECLABEL: INTERNAL
10.240.90.0 255.255.255.224 PAYROLL
PRFNM: EZB.NETACCESS.*.*.PAYROLL SECLABEL: CONFACCT
10.240.90.32 255.255.255.224 SALES
PRFNM: EZB.NETACCESS.*.*.SALES SECLABEL: <NONE>
10.240.90.64 255.255.255.224 TRAINING
PRFNM: <NONE> SECLABEL: <NONE>
10.240.68.0 255.255.255.0 TESTFLOR
PRFNM: EZB.NETACCESS.MVS00111.*.TESTFLOR SECLABEL: SITEEAST
7 OF 7 RECORDS DISPLAYED
END OF THE REPORT
IPv6 enabled or request for LONG format:
NETWORK ACCESS INFORMATION
INBOUND: YES OUTBOUND: YES CACHE: ALL
SAF NAME NETWORK PREFIX AND PREFIX LENGTH
-------- --------------------------------
DEFLTHOM DEFAULTHOME
PRFNM: EZB.NETACCESS.MVS00111.TCPCS100.DEFLTHOM SECLABEL: SYSMULTI
DEFLT DEFAULT
PRFNM: EZB.NETACCESS.*.*.* SECLABEL: OUTSIDER
SITENET 10.0.0.0/8
PRFNM: EZB.NETACCESS.*.*.SITE* SECLABEL: INTERNAL
PAYROLL 10.240.90.0/27
PRFNM: EZB.NETACCESS.*.*.PAYROLL* SECLABEL: CONFACCT
SALES 10.240.90.32/27
PRFNM: EZB.NETACCESS.*.*.SALES SECLABEL: <NONE>
TRAINING 10.240.90.64/27
PRFNM: <NONE> SECLABEL: <NONE>
TESTFLOR 10.240.68.0/24
PRFNM: EZB.NETACCESS.MVS00111.*.TESTFLOR SECLABEL: SITEEAST
SITENET6 2001:0DB8:1::/64
PRFNM: EZB.NETACCESS.*.*.SITE* SECLABEL: INTERNAL
PAYROLL6 2001:0DB8:1:0:9:67:115:66/128
PRFNM: EZB.NETACCESS.*.*.PAYROLL* SECLABEL: CONFACCT
7 OF 7 RECORDS DISPLAYED
END OF THE REPORT
Report field descriptions
For a SHORT format report
- INBOUND
- Indicates whether Network Access Control is active for socket
commands associated with inbound processing (accept, bind, and all
variants of receive).
- Yes
- Indicates that INBOUND is in effect (the INBOUND parameter was defined in the NETACCESS profile statement).
- No
- Indicates that INBOUND is not in effect (the NOINBOUND parameter was defined or is in effect by default in the NETACCESS profile statement).
- OUTBOUND
- Indicates whether Network Access Control is active for socket
commands associated with outbound processing (connect and all variants
of send).
- Yes
- Indicates that OUTBOUND is in effect (the OUTBOUND parameter was defined or is in effect by default in the NETACCESS profile statement).
- No
- Indicates that OUTBOUND is not in effect (the NOOUTBOUND parameter was defined in the NETACCESS profile statement).
- CACHE
- Indicates the level of caching that is in effect for the Network
Access Control access checking.
- ALL
- Indicates that when a SAF call is made to check a user's access to a security zone, the result is cached regardless of whether access is permitted or denied.
- PERMIT
- Indicates that when a SAF call is made to check a user's access to a security zone, the result is cached when access is permitted, but not when access is denied.
- SAME
- Indicates that when a SAF call is made to check a user's access to a security zone, the result is cached when access is permitted, but not when access is denied. In addition, if the user associated with the socket changes or if the IP address being accessed changes from the previous packet received or sent over the socket, a new SAF call is made for a previously permitted security zone.
- SAF NAME
- The final qualifier of a security product resource name. The maximum length is eight characters.
- PRFNM
- The security product profile covering this network security zone resource name. If no profile name covers this resource name or the SERVAUTH resource class is not active, the value NONE is displayed.
- SECLABEL
- The security label configured for the security product profile. If none is configured or the SECLABEL resource class is not active, the value NONE is displayed.
- NETWORK PREFIX AND ADDRESS MASK
- Can be one of the following case:
- The IPv4 IP address configured on a NETACCESS statement entry. It is logically ANDed with the ADDRESS MASK value to create the network address for which access control is required.
- The DEFAULTHOME entry configured on a NETACCESS statement entry. This entry is used for all IP addresses local to this stack that are not covered by a specific entry. This entry does not have an ADDRESS MASK.
- The DEFAULT entry configured on a NETACCESS statement entry. This entry is used for all IP addresses that are not covered by any other entry. This entry does not have an ADDRESS MASK.
For a LONG format report
- INBOUND
- Indicates whether Network Access Control is active for socket
commands associated with inbound processing (accept, bind, and all
variants of receive).
- Yes
- Indicates that INBOUND is in effect (the INBOUND parameter was defined in the NETACCESS profile statement),
- No
- Indicates that INBOUND is not in effect (the NOINBOUND parameter was defined or is in effect by default in the NETACCESS profile statement).
- OUTBOUND
- Indicates whether Network Access Control is active for socket
commands associated with outbound processing (connect and all variants
of send).
- Yes
- Indicates that OUTBOUND is in effect (the OUTBOUND parameter was defined or is in effect by default in the NETACCESS profile statement).
- No
- Indicates that OUTBOUND is not in effect (the NOOUTBOUND parameter was defined in the NETACCESS profile statement).
- CACHE
- Indicates the level of caching that is in effect for the Network
Access Control access checking.
- ALL
- Indicates that when a SAF call is made to check a user's access to a security zone, the result is cached regardless of whether access is permitted or denied.
- PERMIT
- Indicates that when a SAF call is made to check a user's access to a security zone, the result is cached when access is permitted, but not when access is denied.
- SAME
- Indicates that when a SAF call is made to check a user's access to a security zone, the result is cached when access is permitted, but not when access is denied. In addition, if the user associated with the socket changes or if the IP address being accessed changes from the previous packet received or sent over the socket, a new SAF call is made for a previously permitted security zone.
- SAF NAME
- The final qualifier of a security product resource name. The maximum length is eight characters.
- NETWORK PREFIX AND PREFIX LENGTH
- Can be one of the following case:
- The IPv4 or IPv6 IP address and prefix length configured on a NETACCESS statement entry. (If an IPv4 network mask was configured, the prefix length is derived from it.) The prefix length specifies the left-most number of bits of the IP address to use to create the network address for which access control is required.
- The DEFAULTHOME entry configured on a NETACCESS statement entry. This entry is used for all IP addresses local to this stack that are not covered by a specific entry. This entry does not have a PREFIX LENGTH.
- The DEFAULT entry configured on a NETACCESS statement entry. This entry is used for all IP addresses that are not covered by any other entry. This entry does not have a PREFIX LENGTH.
- PRFNM
- The security product profile covering this network security zone resource name. If no profile name covers this resource name or the SERVAUTH resource class is not active, the value NONE is displayed.
- SECLABEL
- The security label configured for the security product profile. If none is configured or the SECLABEL resource class is not active, the value NONE is displayed.