Cisco Cisco ASR 5000
Firewall-and-NAT Policy Configuration Mode Commands
▀ access-rule
▄ Command Line Interface Reference, StarOS Release 18
5100
access-rule
This command creates and configures an access rule.
Product
PSF
NAT
SaMOG
Privilege
Security Administrator, Administrator
Mode
Exec > ACS Configuration > Firewall-and-NAT Policy Configuration
active-charging service service_name > fw-and-nat policy policy_name
Entering the above command sequence results in the following prompt:
[local]host_name(config-fw-and-nat-policy)#
Syntax
access-rule { no-ruledef-matches { downlink | uplink } action { deny [ charging-action
charging_action ] | permit [ bypass-nat | nat-realm nat_realm [ fw-and-nat-action name ]
] } | priority priority { [ dynamic-only | static-and-dynamic ] access-ruledef
ruledef_name { deny [ charging-action charging_action ] | permit [ [ bypass-nat | nat-
realm nat_realm [ fw-and-nat-action name ] ] | trigger open-port { port_number | range
start_port to end_port } direction { both | reverse | same } ] } } }
charging_action ] | permit [ bypass-nat | nat-realm nat_realm [ fw-and-nat-action name ]
] } | priority priority { [ dynamic-only | static-and-dynamic ] access-ruledef
ruledef_name { deny [ charging-action charging_action ] | permit [ [ bypass-nat | nat-
realm nat_realm [ fw-and-nat-action name ] ] | trigger open-port { port_number | range
start_port to end_port } direction { both | reverse | same } ] } } }
default access-rule no-ruledef-matches { downlink | uplink } action
no access-rule priority priority
default
Configures the default setting.
Default: Uplink direction:
Default: Uplink direction:
permit
; Downlink direction:
deny
no
Removes the access rule specified by the priority.
no-ruledef-matches
Configures action on packets with no ruledef match.
downlink
Specifies to act on downlink packets with no ruledef match.
uplink
Specifies to act on uplink packets with no ruledef match.