•
Any
: Filters all packets
•
Host
: Filters packets based on the source host IP address
•
ICMP
: Filters Internet Control Message Protocol (ICMP) packets
•
IP
: Filters Internet Protocol (IP) packets
•
Source IP Address
: Filter packets based on one or more source IP addresses
•
TCP
: Filters Transport Control Protocol (TCP) packets
•
UDP
: Filters User Datagram Protocol (UDP) packets
Each of the above criteria are described in detail in the sections that follow.
The following sections contain basic ACL rule syntax information. Refer to the
ACL Configuration Mode
Commands
and
IPv6 ACL Configuration Mode Commands
chapters in the
Command Line Interface
Reference
for the full command syntax.
Important
•
Any
: The rule applies to all packets.
•
Host
: The rule applies to a specific host as determined by its IP address.
•
ICMP
: The rule applies to specific Internet Control Message Protocol (ICMP) packets, Types, or Codes.
ICMP type and code definitions can be found at
www.iana.org
(RFC 3232).
•
IP
: The rule applies to specific Internet Protocol (IP) packets or fragments.
•
IP Packet Size Identification Algorithm
: The rule applies to specific Internet Protocol (IP) packets
identification for fragmentation during forwarding.
This configuration is related to the "IP Identification field" assignment algorithm used by the system,
when subscriber packets are being encapsulated (such as Mobile IP and other tunneling encapsulation).
Within the system, subscriber packet encapsulation is done in a distributed way and a 16-bit IP
identification space is divided and distributed to each entity which does the encapsulation, so that unique
IP identification value can be assigned for IP headers during encapsulation.
Since this distributed IP Identification space is small, a non-zero unique identification will be assigned
only for those packets which may potentially be fragmented during forwarding (since the IP identification
field is only used for reassembly of the fragmented packet). The total size of the IP packet is used to
determine the possibility of that packet getting fragmented.
•
Source IP Address
: The rule applies to specific packets originating from a specific source address or
a group of source addresses.
•
TCP
: The rule applies to any Transport Control Protocol (TCP) traffic and could be filtered on any
combination of source/destination IP addresses, a specific port number, or a group of port numbers. TCP
port numbers definitions can be found at
www.iana.org
•
UDP
: The rule applies to any User Datagram Protocol (UDP) traffic and could be filtered on any
combination of source/destination IP addresses, a specific port number, or a group of port numbers.
UDP port numbers definitions can be found at
www.iana.org
.
ASR 5500 System Administration Guide, StarOS Release 21.5
185
Access Control Lists
Rule(s)
Содержание ASR 5500
Страница 100: ...ASR 5500 System Administration Guide StarOS Release 21 5 74 System Interfaces and Ports VLANs and Management Ports ...
Страница 136: ...ASR 5500 System Administration Guide StarOS Release 21 5 110 Smart Licensing Smart Licensing Bulk Statistics ...
Страница 140: ...ASR 5500 System Administration Guide StarOS Release 21 5 114 Monitoring the System Clearing Statistics and Counters ...
Страница 260: ...ASR 5500 System Administration Guide StarOS Release 21 5 234 Routing Viewing Routing Information ...
Страница 278: ...ASR 5500 System Administration Guide StarOS Release 21 5 252 BGP MPLS VPNs VPN Related CLI Commands ...
Страница 292: ...ASR 5500 System Administration Guide StarOS Release 21 5 266 Session Recovery Sample Output for show rct stats verbose ...
Страница 324: ...ASR 5500 System Administration Guide StarOS Release 21 5 298 Interchassis Session Recovery Fallback Procedure ...
Страница 338: ...ASR 5500 System Administration Guide StarOS Release 21 5 312 Engineering Rules ECMP Groups ...
Страница 362: ...ASR 5500 System Administration Guide StarOS Release 21 5 336 StarOS Tasks Management Processes ...