Cisco Packet Data Gateway (PDG) Troubleshooting Guide
Access Control Lists
Cisco ASR 5000 Series Session Control Manager Administration Guide
OL-22952-01
Understanding ACLs
This section discusses concepts about how ACLs are created, ordered, and viewed on the system. The two main aspects
to consider when creating an ACL are:
Rule(s)
A single ACL consists of one or more ACL rules. As discussed earlier, the rule is a filter configured to take a specific
action on packets matching specific criteria. Up to 128 rules can be configured per ACL.
IMPORTANT: Configured ACLs consisting of no rules imply a “permit any” rule. The action and criteria are discussed later in this section.
Each rule specifies the action to take when a packet matches the specified criteria. This section discusses the rule actions
and criteria supported by the system.
Actions
ACLs specify that one of the following actions can be taken on a packet that matches the specified criteria:
Deny: The packet is rejected.
Permit: The packet is accepted and processed.
Log: Enables logging for packets meeting the criteria specified in the ACL. The logs can be viewed by executing
the
command in the system’s Execute mode.
IMPORTANT: Packet logging is not supported for context-level (policy) ACLs. Subscriber-level ACL logging can be performed using the Session Manager task (sessmgr) logging facility.
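The rule limit and the implicit "permit any" of an empty ACL, described above, can be checked in a saved configuration before it is loaded. The following is an added example, not code from the guide: the block layout (an `ip access-list <name>` line closed by `#exit`), the sample configuration, the function names and the finding codes are all assumptions made for illustration.

```python
import re

MAX_RULES_PER_ACL = 128  # per-ACL rule limit stated in the guide

# Assumed export layout: an ACL block opens with "ip access-list <name>" and
# closes with "#exit"; every other non-blank line inside it is one rule.
ACL_START = re.compile(r"^\s*ip access-list\s+(\S+)\s*$")
ACL_END = re.compile(r"^\s*#exit\s*$")

# Constructed sample configuration (names and addresses are made up).
SAMPLE_CONFIG = """\
context ingress
  ip access-list mgmt-in
    permit host 192.0.2.10
    deny any
  #exit
  ip access-list placeholder
  #exit
#exit
"""

def parse_acls(config_text):
    """Return {acl_name: [rule_line, ...]} for every ACL block in the text."""
    acls, current = {}, None
    for line in config_text.splitlines():
        start = ACL_START.match(line)
        if start:
            current = acls.setdefault(start.group(1), [])
        elif current is not None:
            if ACL_END.match(line):
                current = None  # end of this ACL block
            elif line.strip():
                current.append(line.strip())
    return acls

def audit_acls(config_text):
    """Return sorted (acl_name, finding) pairs for ACLs that need review."""
    findings = []
    for name, rules in parse_acls(config_text).items():
        if not rules:  # an ACL with no rules behaves as "permit any"
            findings.append((name, "EMPTY_IMPLIES_PERMIT_ANY"))
        elif len(rules) > MAX_RULES_PER_ACL:
            findings.append((name, "OVER_RULE_LIMIT"))
    return sorted(findings)

if __name__ == "__main__":
    for acl_name, finding in audit_acls(SAMPLE_CONFIG):
        print(f"{acl_name}: {finding}")
```

ACLs that share a name in different contexts are merged by this sketch; key the result on the enclosing context as well if your configuration reuses names.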
Permit and Deny use the following syntax:
Keyword/Variable
Description