Руководство По Устранению Ошибки для Cisco Cisco Tunnel Terminating Gateway (TTG)
Firewall-and-NAT Policy Configuration Mode Commands
access-rule ▀
Cisco ASR 5000 Series Command Line Interface Reference ▄
OL-22948-01
Specifies the charging action. Optionally, for deny action a charging action can be configured. If a packet
matches the deny rule, action is taken as configured in the charging action. If a charging action is specified,
the content-ID and billing-action configured in the charging action are used. Also, the flow may be
terminated (instead of just discarding the packet), if so configured in the specified charging action.
matches the deny rule, action is taken as configured in the charging action. If a charging action is specified,
the content-ID and billing-action configured in the charging action are used. Also, the flow may be
terminated (instead of just discarding the packet), if so configured in the specified charging action.
must be an alpha and/or numeric string of 1 through 63 characters in length.
Specifies to bypass NAT.
Specifies the NAT realm to be used to perform NAT on subscriber packets matching the access ruledef. If the
NAT realm is not specified, NAT will be bypassed. That is, NAT will not be performed on subscriber packets
that are matching a ruledef with no NAT realm name configured in it.
NAT realm is not specified, NAT will be bypassed. That is, NAT will not be performed on subscriber packets
that are matching a ruledef with no NAT realm name configured in it.
must be an alpha and/or numeric string of 1 through 31 characters in length.
Specifies priority of an access ruledef in the Firewall-and-NAT policy.
must be an integer from 1 through 65535, and must be unique for each access ruledef in the
Firewall-and-NAT policy.
Specifies the access ruledef name. Optionally, the ruledef type can also be specified.
: Dynamic Ruledef—Predefined ruledef that can be enabled/disabled by the policy
server, and is disabled by default.
: Static and Dynamic Ruledef—Predefined ruledef that can be
enabled/disabled by the policy server, and is enabled by default.
: Specifies the access ruledef name.
must be
an alpha and/or numeric string of 1 through 63 characters in length.
Optionally a port trigger can be specified to be used for this rule to limit the range of auxiliary data
connections (a single or range of port numbers) for protocols having control and data connections (like FTP).
The trigger port will be the destination port of an association which matches a rule.
connections (a single or range of port numbers) for protocols having control and data connections (like FTP).
The trigger port will be the destination port of an association which matches a rule.
: Specifies the auxiliary port number to open for traffic, and must be an integer from 1
through 65535.
: Specifies the range of port numbers to open for subscriber
traffic.
must be an integer from 1 through 65535.
must be an integer from 1 through 65535, and must be greater than
.
: Specifies the direction from which the auxiliary
connection is initiated. This direction can be same as the direction of control connection, or the
reverse of the control connection direction, or in both directions.
reverse of the control connection direction, or in both directions.