DISPLAY TCPIP,,NETSTAT

Use the DISPLAY TCPIP,,NETSTAT command from an operator console to request Netstat information. For a detailed description of each report, see Netstat report details and examples. This command can display only 65 533 lines of output for each report. If the command cannot display all of the report output, the report is truncated and the END OF THE REPORT output line is not displayed. Instead, the following output line is displayed at the end of the report:

REPORT TRUNCATED DUE TO GREATER THAN 65533 LINES OF OUTPUT

You can use the MAX parameter or filter parameters to limit the number of records that are displayed for a report.

Format


>>-Display --TCPIP--,--+----------+--,-------------------------->
                       '-procname-'      

>----Netstat,--+-ACCess,NETWork--+---------+-----------------------------+---->
               |                 '-,ipaddr-'                             |     
               |                (1) (2) (3) (4) (5) (6) (7)              |     
               +-ALL-+--------+------------------------------------------+     
               |     '-SERVER-'                                          |     
               |                       (1) (2) (3) (4) (5) (6) (7) (8)   |     
               +-ALLConn-+-----------+-----------------------------------+     
               |         '-,APPLDATA-'                                   |     
               +-ARp--+----------+---------------------------------------+     
               |      '-,netaddr-'                                       |     
               |                         (1) (3) (4)                     |     
               +-BYTEinfo--+-----------+---------------------------------+     
               |           '-,IDLETIME-'                                 |     
               +-CACHinfo------------------------------------------------+     
               +-CONFIG--------------------------------------------------+     
               |       .---------------.                                 |     
               |       V               | (1) (2) (3) (4) (5) (6) (7) (8) |     
               +-COnn----+-----------+-+---------------------------------+     
               |         +-,APPLDATA-+                                   |     
               |         '-,SERVER---'                                   |     
               +-DEFADDRT------------------------------------------------+     
               |                    (7) (9)                              |     
               +-DEvlinks--+------+--------------------------------------+     
               |           '-,SMC-'                                      |     
               |      (9)                                                |     
               +-HOme----------------------------------------------------+     
               |                               (10)                      |     
               +-IDS--+----------------------+---------------------------+     
               |      +-,SUMmary-------------+                           |     
               |      '-,PROTOcol=--protocol-'                           |     
               |    (3)                                                  |     
               +-ND------------------------------------------------------+     
               |          (2)                                            |     
               +-PORTList------------------------------------------------+     
               |           .-,SUMmary---------------. (3) (11) (12)      |     
               +-RESCache--+------------------------+--------------------+     
               |           +-,DETAIL--+-----------+-+                    |     
               |           |          '-,NEGative-' |                    |     
               |           '-,SUMmary--+------+-----'                    |     
               |                       '-,DNS-'                          |     
               |            .--------------------------.                 |     
               |       (3)  V                          |                 |     
               +-ROUTe--------+----------------------+-+-----------------+     
               |              +-,ADDRTYPE=--+-IPV4-+-+                   |     
               |              |             '-IPV6-' |                   |     
               |              +-,DETAIL--------------+                   |     
               |              +-,IQDIO---------------+                   |     
               |              +-,PR=--+-ALL----+-----+                   |     
               |              |       '-prname-'     |                   |     
               |              +-,QDIOACCEL-----------+                   |     
               |              +-,RADV----------------+                   |     
               |              '-,RSTAT---------------'                   |     
               |         (1) (2) (3) (4) (5)                             |     
               +-SOCKets-------------------------------------------------+     
               +-SRCIP---------------------------------------------------+     
               |       (13)                                              |     
               +-STATS-------+----------------------+--------------------+     
               |             '-,PROTOcol=--protocol-'                    |     
               |       .-,GRoup-------------------.                      |     
               +-TTLS--+--------------------------+----------------------+     
               |       +-,COnn=connid-+---------+-+                      |     
               |       |              '-,DETAIL-' |                      |     
               |       '-,GRoup--+---------+------'                      |     
               |                 '-,DETAIL-'                             |     
               |                   (2) (3) (5)                           |     
               +-VCRT--+---------+---------------------------------------+     
               |       '-,DETAIL-'                                       |     
               |                   (2) (3) (5)                           |     
               +-VDPT--+---------+---------------------------------------+     
               |       '-,DETAIL-'                                       |     
               |                       (3)                               |     
               +-VIPADCFG--+---------+-----------------------------------+     
               |           '-,DETAIL-'                                   |     
               '-VIPADyn-+------------+----------------------------------'     
                         +-,DVIPA-----+                                        
                         '-,VIPAROUTE-'                                        

>--+----------------------------------------------------+------><
   |                 (6)                                |   
   +-,APPLD=appldata------------------------------------+   
   |                  (1)                               |   
   +-,CLIent=--client-----------------------------------+   
   |                                                (8) |   
   +-,CONNType=--+-NOTTLSPolicy-------------------+-----+   
   |             '-TTLSPolicy--+----------------+-'     |   
   |                           +-,CURRent-------+       |   
   |                           +-,GRoup=groupid-+       |   
   |                           '-,STALE---------'       |   
   |                    (11)                            |   
   +-,DNSAddr=dnsipaddr---------------------------------+   
   |                    (12)                            |   
   +-,HOSTName=hostname---------------------------------+   
   |                      (9)                           |   
   +-,INTFName=--intfname-------------------------------+   
   |                                (3)                 |   
   +-,IPAddr=-+-ipaddr------------+---------------------+   
   |          +-ipaddr/prefixLen--+                     |   
   |          '-ipaddr/subnetmask-'                     |   
   |                         (5)                        |   
   +-,IPPort=-ipaddr+portnum----------------------------+   
   |           (4)                                      |   
   +-,NOTN3270------------------------------------------+   
   |                 (2)                                |   
   +-,POrt=--portnum------------------------------------+   
   |                   (7)                              |   
   '-,SMCID=-+-smcid-+----------------------------------'   
             '-*-----'                                      

                                            (14)   
|--+---------------------+--+-------------+---------------------|
   '-,FORMat=--+-LONG--+-'  +-,MAX=*------+        
               '-SHORT-'    '-,MAX=--recs-'

Notes:

The CLIent filter is valid only with ALL, ALLConn, BYTEinfo, COnn, and SOCKets.
The POrt filter is valid only with ALL, ALLConn, COnn, PORTList, SOCKets, VCRT, and VDPT.
The IPAddr filter is valid only with ALL, ALLConn, BYTEinfo, COnn, ND, RESCache, ROUTe, SOCKets, VCRT, VDPT, and VIPADCFG.
The NOTN3270 filter is valid only with ALL, ALLConn, BYTEinfo, COnn, and SOCKets.
The IPPort filter is valid only with ALL, ALLConn, COnn, SOCKets, VCRT, and VDPT.
The APPLD filter is valid only with ALL, ALLConn, and COnn.
The SMCID filter is valid only with ALL, ALLConn, COnn, and DEvlinks.
The CONNType filter is valid only with ALLConn and COnn.
The INTFName filter is valid only with DEvlinks and HOme.
The valid protocol values are TCP and UDP.
The DNSAddr select string is valid only with RESCache.
The HOSTName select string is valid only with RESCache.
The valid protocol values are IP, ICMP, TCP, and UDP.
If the MAX parameter is not specified on the command, the default value for the MAX parameter is the value of the MAXRECS parameter on the GLOBALCONFIG profile statement.

Parameters

Note: The minimum abbreviation for each parameter is shown in uppercase letters.

Netstat

Request NETSTAT information.

ACCess,NETWork

Displays information about the network access tree in TCP/IP.

ALL

Displays detailed information about TCP connections and UDP sockets, including some that were recently closed.

SERVER: Provides detailed information only for TCP connections that are in the listen state.

ALLConn

Displays information for all TCP/IP connections, including recently closed ones.

APPLDATA: Displays application data in the output report.

ARp

Displays ARP cache information.

netaddr: This field has a maximum length of 15. Format is nnn.nnn.nnn.nnn where nnn is in the range 0 - 255. You must code all the triplets. No wildcards are allowed.

BYTEinfo

Displays the byte-count information about each active TCP connection and UDP socket. At the end of the report, the number of records written and the total number of records are displayed. The total number of records represents all UDP sockets and all TCP connections, not just active TCP connections.

IDLETIME: Displays the idle time for each connection.

CACHinfo

Displays information about Fast Response Cache Accelerator statistics. Statistics are displayed for each listening socket configured for Fast Response Cache Accelerator support. There is one section displayed per socket.

CONFIG

Displays TCP/IP configuration data.

COnn

Displays information about each active TCP/IP connection. At the end of the report, the number of records written and the total number of records are displayed. The total number of records represents all UDP sockets and all TCP connections, not just active TCP connections.

APPLDATA: Displays application data in the output report.
SERVER: Displays detailed information about TCP connections in the listen state.

DEFADDRT

Displays the policy table for IPv6 default address selection.

DEvlinks

Displays information about interfaces in the TCP/IP address space.

SMC: Displays only detailed Shared Memory Communications over Remote Direct Memory Access (SMC-R) information about 10GbE RoCE Express® interfaces and their associated SMC-R link groups and SMC-R links.

HOme

Displays the home list.

IDS

Displays information about intrusion detection services.

SUMmary: Displays summary information about intrusion detection services.
PROTOcol=protocol: Displays information about intrusion detection services for the specified protocol. The valid protocols are TCP and UDP.

ND

Displays IPv6 Neighbor Discovery cache information.

PORTList

Displays the list of reserved ports and the port access control configuration for unreserved ports. Configure port access control for unreserved ports by specifying PORT profile statements with the port number value replaced by the keyword UNRSV. For more information about port access control, see port access control information in z/OS Communications Server: IP Configuration Guide.

For ports that are reserved by the PORTRANGE profile statement, only one output line is displayed for each range.

RESCache

Displays information about the operation of the system-wide resolver cache. This information is not specific to the TCP/IP stack whose name was specified on the D TCPIP command. Statistical information, such as number of record entries or number of cache queries, can be retrieved, or detailed information about some or all of the cache entries can be retrieved. Resolver caching is configured using resolver configuration statements in the resolver setup file. For more information about resolver caching, see details about resolver caching in z/OS Communications Server: IP Configuration Guide.

DETAIL

Display detailed information for all unexpired entries that are currently in the resolver cache. This information can include the following contents:

Host-name-to-IP address entries from resolver forward lookups
IP-address-to-host-name entries from resolver reverse lookups
Negative entries included in both forward and reverse lookup tables

NEGative: Display detailed information for all negative cache entries in the resolver cache.

SUMmary

Display general system statistics for resolver cache operations. This is the default report for the RESCACHE report option.

DNS: Display general system statistics for resolver cache operations, plus individual statistics for each DNS name server that has provided information that is currently stored in the cache.

Result: Using the DETAIL modifier might cause a large amount of data to be displayed from the MVS™ console. As an alternative, consider using either the z/OS® UNIX shell or TSO version of the command when you have large amount of resolver cache information.

ROUTe

Displays routing information. For a complete description of ROUTe, see Netstat ROUTe/-r report.

Note: Static routes over deleted interfaces are removed from the main routing table and therefore do not appear in the reports generated for the main routing table. Loopback routes are displayed as well as implicit (HOME list) routes.

ADDRTYPE

Displays routing information.

IPV4: Displays IPv4 routing information. This parameter is mutually exclusive with the RADV parameter.
IPV6: Displays IPv6 routing information.

DETAIL

Displays the preceding information plus the metric or cost of use for the route, and displays the following MVS-specific configured parameters for each route:

Maximum retransmit time
Minimum retransmit time
Round-trip gain
Variance gain
Variance multiplier

This parameter is mutually exclusive with the QDIOACCEL and IQDIO parameters.

PR

Displays policy-based routing tables. This parameter is mutually exclusive with the QDIOACCEL and IQDIO parameters.

ALL: Displays all policy-based routing tables.
prname: Displays the policy-based routing table that has the name prname.

Restriction: Only active policy-based routing tables can be displayed with the Netstat ROUTe command. A policy-based routing table is active if an active routing rule and its associated action reference the policy-based routing table. You can display both active and inactive policy-based routing tables by using the pasearch command. For more information, see The z/OS UNIX pasearch command: Display policies.

QDIOACCEL

IQDIO

Displays routes that are eligible for accelerated routing by using the QDIO Accelerator or HiperSockets™ Accelerator. See information about QDIO Accelerator and efficient routing using HiperSockets Accelerator in z/OS Communications Server: IP Configuration Guide for more details. This parameter is mutually exclusive with the DETAIL, PR, RADV, and RSTAT parameters.

RADV

Displays all of the IPv6 routes that are added based on information received in router advertisement messages. All IPv6 router advertisement routes are displayed regardless of whether they are currently used for routing. The flags and reference count are not displayed on the report. This parameter is mutually exclusive with the RSTAT, QDIOACCEL, IQDIO, and ADDRTYPE=IPV4 parameters.

RSTAT

Displays all of the static routes that are defined as replaceable. All defined replaceable static routes are displayed without regard to whether they are currently being used for routing. The flags and reference count are not displayed on the report. The MTU value that is displayed in this report is the value that was defined by using the MTU parameter in the ROUTE statement, or the default value for the specified interface type. This parameter is mutually exclusive with the RADV, QDIOACCEL, and IQDIO parameters.

SOCKets

Displays information for open TCP or UDP sockets that are associated with a client name.

SRCIP

Displays information for all job-specific and destination-specific source IP address associations on the TCP/IP address space.

STATS

Displays TCP/IP statistics for each protocol.

PROTOcol=protocol: Displays statistics for the specified protocol. The valid protocols are IP, ICMP, TCP, and UDP.
Result: If you specify TCP, you get both TCP and SMC-R statistics.

TTLS

Displays Application Transparent Transport Layer Security (AT-TLS) information for TCP protocol connections.

COnn=connid

Displays the name of the AT-TLS policy rule and the names of the associated actions for the specified connection. The specified connid is a number assigned by the TCP/IP stack to uniquely identify a socket entity. You can determine the connid from the Conn column in the Netstat ALLConn/-a report.

DETAIL: Displays the AT-TLS policy rule and the associated actions for the specified connection.

GRoup

Displays summary information for AT-TLS groups. AT-TLS groups are defined using the TTLSGroupAction policy statement. The AT-TLS group exists as long as the TTLSGroupAction statement is current or as long as there are active connections using the group.

DETAIL: Displays detailed information for AT-TLS groups.

VCRT

Displays the dynamic VIPA Connection Routing Table information.

DETAIL: For each entry that represents an established dynamic VIPA connection or an affinity created by the passive-mode FTP, displays the preceding information plus the policy rule, action information, routing information, and acceleration information.
For each entry that represents an affinity created by the TIMEDAFFINITY parameter on the VIPADISTRIBUTE profile statement, displays the preceding information plus the affinity related information.

VDPT

Displays the dynamic VIPA Destination Port Table information.

DETAIL: If this optional keyword is specified, when the table for TCP/IP stacks is displayed, the output contains policy action information, target responsiveness values, and a Workload Manager weight value (W/Q), on a separate line. If the DETAIL keyword is not specified, the output does not contain this information.
When the table for non-z/OS targets is displayed, the output contains the weight of the non-z/OS target. If the DETAIL keyword is not specified, the output does not contain this information.

VIPADCFG

Displays the current dynamic VIPA configuration information for a host.

VIPADyn

Displays the current dynamic VIPA and VIPAROUTE information for a local host.

DVIPA: Displays the current dynamic VIPA information only.
VIPAROUTE: Displays the current VIPAROUTE information only.

APPLD=appldata

Filter the output of the ALL, ALLConn, and COnn reports by using the specified application data appldata. The maximum size for this field is 40 alphanumeric characters.

CLIent=client

Specifies a client name that is used to limit the ALL, ALLConn, BYTEinfo, COnn, and SOCKets responses. Maximum size for this field is 8 alphanumeric characters (plus special characters #, $, and @). Wildcards (* and ?) can appear in any position.

CONNType

Specifies a connection type to limit the ALLConn and COnn responses.

NOTTLSPolicy

Displays only those connections that have not been matched to an Application Transparent Transport Layer Security (AT-TLS) rule. This includes connections that were established while the AT-TLS function was disabled (NOTTLS is specified or in effect by default on the TCPCONFIG statement) and all connections that are not using the TCP protocol. For TCP connections that were established while the AT-TLS function was enabled, this includes the following connections:

Connections for which AT-TLS policy lookup has not yet occurred (typically the first send or receive has not yet been issued ).
Connections for which AT-TLS policy lookup has occurred but for which no matching rule was found.

TTLSPolicy

Displays only connections that match an Application Transparent Transport Layer Security (AT-TLS) rule. This includes only connections that were established while the AT-TLS function was enabled, for which an AT-TLS policy rule was found with the value TTLSEnabled ON or TTLSEnabled OFF specified in the TTLSGroupAction. Responses can be further limited on AT-TLS connection type. AT-TLS connection type has the following values:

CURRent: Displays only connections that are using AT-TLS where the rule and all actions are still available to be used for new connections.
GRoup=groupid: Displays only connections that are using the AT-TLS group specified by the groupid value. The specified groupid value is a number assigned by the TCP/IP stack to uniquely identify an AT-TLS group. You can determine the groupid value from the GroupID field in the Netstat TTLS GROUP report.
STALE: Displays only connections that are using AT-TLS where the rule or at least one action is no longer available to be used for new connections.

DNSAddr=dnsipaddr

Filter the output of the RESCache report using the specified DNS IP address dnsipaddr.

HOSTName=hostname

Filter the output of the RESCache report using the specified host name value hostname.

INTFName=intfname

Specifies a name that you can use to limit the DEvlinks and HOme report options to a single interface or to a group of interfaces.

For the DEvlinks and HOme report options, the INTFName filter can be one of the following values:

The link name of a network interface that was configured on a LINK profile statement (this option selects one interface).
The interface name of a network interface that was configured on an INTERFACE profile statement (this option selects one interface).
The port name of an OSA-Express feature in QDIO mode. This is the name that is specified on the PORTNAME keyword in the TRLE (this option selects all interfaces that are associated with the OSA-Express port, including an OSAENTA trace interface).
The name of a HiperSockets TRLE (this option selects all interfaces that are associated with the HiperSockets TRLE).

Additionally, for the DEvlinks report option, the INTFName filter can also be the interface name of an OSAENTA trace interface, which is EZANTAportname, where the portname value is the name that is specified on the PORTNAME keyword in the TRLE for the OSA-Express port that is being traced (this option selects one interface).

IPAddr

Provides the option response on specified ipaddr, ipaddr/subnetmask or ipaddr/prefixlength

ipaddr: Provides the response for ALL, ALLConn, BYTEinfo, COnn, ND, RESCache, ROUTe, SOCKets, VCRT, and VDPT on the specified IP address (ipaddr). Except for the RESCache option, with IPv4 addresses, the default subnet mask 255.255.255.255 is used; for IPv6 addresses, the default prefix length 128 is used. The RECache option does not support any default subnet mask or default prefix length.
ipaddr/subnetmask: Provides the response for ALL, ALLConn, BYTEinfo, COnn, ROUTe, SOCKets, VCRT, and VDPT on the specified IP address with specified subnet mask (ipaddr/subnetmask). The IP address (ipaddr) in this format must be an IPv4 IP address.
ipaddr/prefixlength: Provides the response for ALL, ALLConn, BYTEinfo, COnn, ND, ROUTe, SOCKets, VCRT, and VDPT on the specified IP address and prefix length. For IPv4 addresses, the prefix length range is 1 - 32. For IPv6 addresses, the prefix length range is 1 - 128.

IPPort=ipaddr+portnum

Specifies the IP address and port that are used to limit the ALL, ALLConn, COnn, SOCKets, VCRT, and VDPT report options to the TCP local endpoints, TCP remote endpoints, or the UDP local endpoint. The specified IPv4 ipaddr value can be up to 15 characters in length, denoting a single IPv4 IP address; the specified IPv6 ipaddr value can be up to 45 characters in length, denoting a single IPv6 IP address. For TCP, the filter values ipaddr and portnum match any combination of the local and remote IP address and local and remote port.

NOTN3270

Provides the response of ALL, ALLConn, BYTEinfo, COnn, and SOCKets, excluding TN3270E Telnet server connections.

POrt=portnum

Specifies a port that is used to limit the ALL, ALLConn, COnn, PORTList, SOCKets, VCRT, and VDPT options. The port value range, for all options except the PORTLIST option, is 0 - 65535. No wildcards are allowed. For the PORTList option only, the port value range is 1 - 65535 and you can also filter on the keyword UNRSV.

SMCID=smcid

Specifies a Shared Memory Communications - RDMA (SMC-R) link or link group identifier that is used to limit the ALL, ALLConn, COnn, and DEvlinks report options. If an asterisk (*) is specified for the filter value, Netstat provides output only for entries that are associated with SMC-R link, and link groups.

MAX=recs

The maximum number of records for which Netstat displays information on the console. The value recs indicates the number of records that are displayed on each report. For example, for the connection-related reports, a record is a TCP connection or listener, or a UDP endpoint. Valid recs values are in the range 1 - 65535. Specify an asterisk (*) to display information for all records on the console. If the number of output lines exceeds the maximum number of lines for a multi-line WTO (Write to Operator) message, the report output is truncated.

This parameter applies to the ACCess, ALL, ALLConn, ARp, BYTEinfo, CACHinfo, COnn, DEFADDRT, DEvlinks, HOme, IDS, ND, PORTList, RESCache, ROUTe, SOCKets, SRCIP, VCRT, VDPT, and VIPADyn reports. The following list shows the descriptions of variations in support for the parameter for specific reports:

DEvlinks report - The parameter and the values in the n OF m RECORDS DISPLAYED output line apply only to network interfaces that are defined with DEVICE or INTERFACE profile statements. These parameters and values do not apply to the LAN group or to the OSA-Express network traffic analyzer information.
HOme - The parameter and the values in the n OF m RECORDS DISPLAYED output line apply to the IP addresses that are displayed by the report.

If this parameter is specified, it overrides the MAXRECS parameter value on the GLOBALCONFIG profile statement. If this parameter is not specified, the number of records value used for the report is one of the following vlaues:

The MAXRECS parameter value that is specified on the GLOBALCONFIG TCP/IP profile statement.
If the MAXRECS parameter is not specified, the MAXRECS parameter default value of 100 records.

The number of records that are displayed and the total number of records that could have been displayed are listed at the end of the report in the following output line, where n is the number of records that are displayed and m is the total number of records that could be displayed.

n OF m RECORDS DISPLAYED

If the report output is truncated, the n value specifies the number of records for which all output lines are successfully displayed.

Examples

DISPLAY TCPIP,,NETSTAT,ACCESS,NETWORK report

Use the DISPLAY TCPIP,,NETSTAT,ACCESS,NETWORK[,ipaddr] command to display the current NETACCESS profile statement configuration and associated security product information. When you specify the optional ipaddr value, the report is limited to the single NETACCESS entry, if any, that is currently being used by the stack for the specified IP address.

Parameters

ipaddr: A fully qualified IPv4 or IPv6 IP address. Wildcard IP address values are not supported. This value is used to display the NETACCESS profile statement entry that governs the specified ipaddr value.

Examples

Not IPv6 enabled (SHORT format):

 NETWORK ACCESS INFORMATION                                            
 INBOUND: YES  OUTBOUND: YES      CACHE: ALL                          
 NETWORK PREFIX  ADDRESS MASK     SAF NAME                             
 DEFAULTHOME     <NONE>           DEFLTHOM                             
   PRFNM: EZB.NETACCESS.MVS00111.TCPCS100.DEFLTHOM  SECLABEL: SYSMULTI   
 DEFAULT         <NONE>           DEFLT                                
   PRFNM: EZB.NETACCESS.*.*.*                       SECLABEL: OUTSIDER        
 10.0.0.0        255.0.0.0        SITENET                              
   PRFNM: EZB.NETACCESS.*.*.SITE*                   SECLABEL: INTERNAL      
 10.240.90.0     255.255.255.224  PAYROLL                              
   PRFNM: EZB.NETACCESS.*.*.PAYROLL                 SECLABEL: CONFACCT  
 10.240.90.32    255.255.255.224  SALES                             
   PRFNM: EZB.NETACCESS.*.*.SALES                   SECLABEL: <NONE>    
 10.240.90.64    255.255.255.224  TRAINING                             
   PRFNM: <NONE>                                    SECLABEL: <NONE>    
 10.240.68.0     255.255.255.0    TESTFLOR                             
   PRFNM: EZB.NETACCESS.MVS00111.*.TESTFLOR         SECLABEL: SITEEAST      
 7 OF  7 RECORDS DISPLAYED
 END OF THE REPORT

IPv6 enabled or request for LONG format:

NETWORK ACCESS INFORMATION                                            
INBOUND: YES  OUTBOUND: YES  CACHE: ALL                               
SAF NAME  NETWORK PREFIX AND PREFIX LENGTH                            
--------  --------------------------------                            
DEFLTHOM  DEFAULTHOME                                                 
  PRFNM: EZB.NETACCESS.MVS00111.TCPCS100.DEFLTHOM  SECLABEL: SYSMULTI   
DEFLT     DEFAULT                                                     
  PRFNM: EZB.NETACCESS.*.*.*                       SECLABEL: OUTSIDER           
SITENET   10.0.0.0/8                                                 
  PRFNM: EZB.NETACCESS.*.*.SITE*                   SECLABEL: INTERNAL    
PAYROLL   10.240.90.0/27                                              
  PRFNM: EZB.NETACCESS.*.*.PAYROLL*                SECLABEL: CONFACCT   
SALES     10.240.90.32/27                             
  PRFNM: EZB.NETACCESS.*.*.SALES                   SECLABEL: <NONE>    
TRAINING  10.240.90.64/27
  PRFNM: <NONE>                                    SECLABEL: <NONE>    
TESTFLOR  10.240.68.0/24                                             
  PRFNM: EZB.NETACCESS.MVS00111.*.TESTFLOR         SECLABEL: SITEEAST      
SITENET6  2001:0DB8:1::/64                                            
  PRFNM: EZB.NETACCESS.*.*.SITE*                   SECLABEL: INTERNAL    
PAYROLL6  2001:0DB8:1:0:9:67:115:66/128                               
  PRFNM: EZB.NETACCESS.*.*.PAYROLL*                SECLABEL: CONFACCT       
7 OF 7 RECORDS DISPLAYED
END OF THE REPORT

Report field descriptions

For a SHORT format report

INBOUND

Indicates whether Network Access Control is active for socket commands associated with inbound processing (accept, bind, and all variants of receive).

Yes: Indicates that INBOUND is in effect (the INBOUND parameter was defined in the NETACCESS profile statement).

No: Indicates that INBOUND is not in effect (the NOINBOUND parameter was defined or is in effect by default in the NETACCESS profile statement).

OUTBOUND

Indicates whether Network Access Control is active for socket commands associated with outbound processing (connect and all variants of send).

Yes: Indicates that OUTBOUND is in effect (the OUTBOUND parameter was defined or is in effect by default in the NETACCESS profile statement).

No: Indicates that OUTBOUND is not in effect (the NOOUTBOUND parameter was defined in the NETACCESS profile statement).

CACHE

Indicates the level of caching that is in effect for the Network Access Control access checking.

ALL: Indicates that when a SAF call is made to check a user's access to a security zone, the result is cached regardless of whether access is permitted or denied.
PERMIT: Indicates that when a SAF call is made to check a user's access to a security zone, the result is cached when access is permitted, but not when access is denied.
SAME: Indicates that when a SAF call is made to check a user's access to a security zone, the result is cached when access is permitted, but not when access is denied. In addition, if the user associated with the socket changes or if the IP address being accessed changes from the previous packet received or sent over the socket, a new SAF call is made for a previously permitted security zone.

SAF NAME

The final qualifier of a security product resource name. The maximum length is eight characters.

PRFNM

The security product profile covering this network security zone resource name. If no profile name covers this resource name or the SERVAUTH resource class is not active, the value NONE is displayed.

SECLABEL

The security label configured for the security product profile. If none is configured or the SECLABEL resource class is not active, the value NONE is displayed.

NETWORK PREFIX AND ADDRESS MASK

Can be one of the following case:

The IPv4 IP address configured on a NETACCESS statement entry. It is logically ANDed with the ADDRESS MASK value to create the network address for which access control is required.
The DEFAULTHOME entry configured on a NETACCESS statement entry. This entry is used for all IP addresses local to this stack that are not covered by a specific entry. This entry does not have an ADDRESS MASK.
The DEFAULT entry configured on a NETACCESS statement entry. This entry is used for all IP addresses that are not covered by any other entry. This entry does not have an ADDRESS MASK.

For a LONG format report