Cisco Cisco ASR 5000
Firewall-and-NAT Policy Configuration Mode Commands
access-rule ▀
Command Line Interface Reference, StarOS Release 18 ▄
5101
action
Specifies action to take on downlink/uplink packets with no ruledef match.
deny
Specifies to deny packets.
permit
Specifies to permit packets and allow the creation of data flows.
charging-action charging_action
Specifies the charging action. Optionally, a charging action can be configured for deny action. If a packet
matches the deny rule, action is taken as configured in the charging action. If a charging action is specified,
the content-ID and billing-action configured in the charging action are used. Also, the flow may be
terminated (instead of just discarding the packet), if so configured in the specified charging action.
matches the deny rule, action is taken as configured in the charging action. If a charging action is specified,
the content-ID and billing-action configured in the charging action are used. Also, the flow may be
terminated (instead of just discarding the packet), if so configured in the specified charging action.
charging_action
must be an alphanumeric string of 1 through 63 characters.
bypass-nat
Important:
In 9.0 and later releases, this keyword is NAT license dependent.
Specifies to bypass NAT.
nat-realm nat_realm
Important:
In 9.0 and later releases, this keyword is NAT license dependent.
Specifies the NAT realm to be used to perform NAT on subscriber packets matching the access ruledef. If the
NAT realm is not specified, NAT will be bypassed. That is, NAT will not be performed on subscriber packets
that are matching a ruledef with no NAT realm name configured in it.
NAT realm is not specified, NAT will be bypassed. That is, NAT will not be performed on subscriber packets
that are matching a ruledef with no NAT realm name configured in it.
nat_realm
must be an alphanumeric string of 1 through 31 characters.
priority priority
Specifies priority of an access ruledef in the Firewall-and-NAT policy.
priority
must be an integer from 1 through 65535 that is unique for each access ruledef in the Firewall-
and-NAT policy.
[ dynamic-only | static-and-dynamic ] access-ruledef ruledef_name
Specifies the access ruledef name. Optionally, the ruledef type can also be specified.
dynamic-only
: Dynamic Ruledef—Predefined ruledef that can be enabled/disabled by the policy
server, and is disabled by default.
static-and-dynamic
: Static and Dynamic Ruledef—Predefined ruledef that can be enabled/disabled
by the policy server, and is enabled by default.
access-ruledef
ruledef_name
: Specifies the access ruledef name.
ruledef_name
must be an
alphanumeric string of 1 through 63 characters.