Cisco Packet Data Gateway (PDG) Troubleshooting Guide
Access Control Lists
Understanding ACLs
Cisco ASR 5000 Series Session Control Manager Administration Guide
OL-22952-01
The following syntax is used when configuring rule criteria that apply to destination AoRs:
Keyword/Variable
Description
The address of record to which the packet is being sent. This option is used to filter all packets being sent to a
specific address of record or a group of AoRs. When specifying a group of addresses, the initial address is
configured using this parameter. The range can then be configured using the
parameter.
This option is used in conjunction with the
option to specify a group of addresses for which packets are to
be filtered. The mask must be entered as a complement: Zero-bits in this parameter mean that the
corresponding bits configured for the
parameter must be identical. One-bits in this parameter mean that
the corresponding bits configured for the
parameter must be ignored.
IMPORTANT: The mask must contain a contiguous set of one-bits from the least significant bit
(LSB). Therefore, allowed masks are 0, 1, 3, 7, 15, 31, 63, 127, and 255. For example, acceptable
wildcards are 0.0.0.3, 0.0.0.255, and 0.0.15.255. A wildcard of 0.0.7.15 is not acceptable since the
one-bits are not contiguous.
Rule Order
A single ACL can consist of multiple rules. Each packet is compared against each of the ACL rules, in the order in
which they were entered, until a match is found. Once a match is identified, all subsequent rules are ignored.
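The wildcard rule and the first-match ordering described above can be checked offline before rules are entered. The following Python sketch is an added example, not code from the Cisco guide: it validates a wildcard across the full 32-bit value, evaluates rules in entry order, and flags rules that can never match because an earlier rule covers them. The rule tuples, the permit/deny labels, and the use of dotted-quad addresses (as in the guide's wildcard examples) are assumptions.

```python
import ipaddress

def to_int(text):
    return int(ipaddress.IPv4Address(text))

def parse_wildcard(text):
    """Return the wildcard as an int; reject one-bits not contiguous from the LSB."""
    w = to_int(text)
    # A run of ones starting at the LSB equals 2**k - 1, so w + 1 is a single
    # power of two that shares no bits with w.
    if w & (w + 1):
        raise ValueError(f"{text}: one-bits are not contiguous from the LSB")
    return w

def matches(addr, base, wildcard):
    """Zero-bits of the wildcard must be identical; one-bits are ignored."""
    w = parse_wildcard(wildcard)
    return ((to_int(addr) ^ to_int(base)) & ~w) == 0

def first_match(rules, addr):
    """Compare against the rules in entry order and stop at the first match."""
    for index, (action, base, wildcard) in enumerate(rules):
        if matches(addr, base, wildcard):
            return index, action
    return None

def shadowed(rules):
    """Return (later, earlier) index pairs where the later rule can never match."""
    pairs = []
    for j, (_, bj, wj) in enumerate(rules):
        for i, (_, bi, wi) in enumerate(rules[:j]):
            wi_int, wj_int = parse_wildcard(wi), parse_wildcard(wj)
            covers = (wi_int | wj_int) == wi_int  # i ignores every bit j ignores
            if covers and ((to_int(bi) ^ to_int(bj)) & ~wi_int) == 0:
                pairs.append((j, i))
                break
    return pairs

# Constructed sample ACL: (action, address, wildcard). Actions are hypothetical labels.
RULES = [
    ("permit", "192.0.2.0", "0.0.0.255"),
    ("deny", "192.0.2.8", "0.0.0.3"),      # inside rule 0's range: never reached
    ("deny", "198.51.100.0", "0.0.15.255"),
]

if __name__ == "__main__":
    print(first_match(RULES, "192.0.2.9"))
    print(shadowed(RULES))
```

A rule reported by `shadowed` has to be placed ahead of the rule that covers it before it can take effect.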
Additional rules can be added to an existing ACL and properly ordered using either of the following options:
Before
After
Using these placement options requires the specification of an existing rule in the ACL and the configuration of the new
rule as demonstrated by the following flow:
An example of an ACL is shown in the following section.
Viewing ACLs
ACLs can be viewed through the
command executed from the context where the ACL
resides. The following example was taken from the output of the
<
>
command: