Cisco Cisco Packet Data Gateway (PDG) Fehlerbehebungsanleitung
Access Control Lists
▀ Understanding ACLs
▄ Cisco ASR 5000 Series Enhanced Feature Configuration Guide
OL-22982-01
Criteria
Each ACL consists of one or more rules specifying the criteria that packets will be compared against.
The following criteria are supported:
Any: Filters all packets
Host: Filters packets based on the source host IP address
ICMP: Filters Internet Control Message Protocol (ICMP) packets
IP: Filters Internet Protocol (IP) packets
Source IP Address: Filter packets based on one or more source IP addresses
TCP: Filters Transport Control Protocol (TCP) packets
UDP: Filters User Datagram Protocol (UDP) packets
Each of the above criteria are described in detail in the sections that follow.
Important:
The following sections contain basic ACL rule syntax information. Refer to the ACL Configuration
Mode Commands chapter of the Command Line Interface Reference for the full command syntax.
Any: The rule applies to all packets.
Host: The rule applies to a specific host as determined by its IP address.
ICMP: The rule applies to specific Internet Control Message Protocol (ICMP) packets, Types, or Codes.
Important:
ICMP type and code definitions can be found at www.iana.org as indicated by
RFC 3232.
IP: The rule applies to specific Internet Protocol (IP) packets or fragments.
IP Packet Size Identification Algorithm: The rule applies to specific Internet Protocol (IP) packets
identification for fragmentation during forwarding.
This configuration is related to the ―IP Identification field‖ assignment algorithm used by the system, when subscriber
packets are being encapsulated (such as Mobile IP and other tunneling encapsulation). Within the system, subscriber
packet encapsulation is done in a distributed way and a 16 bit IP identification space is divided and distributed to each
entity which does the encapsulation, so that unique IP identification value can be assigned for IP headers during
encapsulation.
packets are being encapsulated (such as Mobile IP and other tunneling encapsulation). Within the system, subscriber
packet encapsulation is done in a distributed way and a 16 bit IP identification space is divided and distributed to each
entity which does the encapsulation, so that unique IP identification value can be assigned for IP headers during
encapsulation.
Since this distributed IP Identification space is small, a non-zero unique identification will be assigned only for those
packets, which may potentially be fragmented during forwarding (since the IP identification field is only used for
reassembly of the fragmented packet). The total size of the IP packet is used to determine the possibility of that packet
getting fragmented.
packets, which may potentially be fragmented during forwarding (since the IP identification field is only used for
reassembly of the fragmented packet). The total size of the IP packet is used to determine the possibility of that packet
getting fragmented.
Source IP Address: The rule applies to specific packets originating from a specific source address or a group of
source addresses.