
Cisco ASR 5000 Series Administration Guide

{ ip | ipv6 } access-list acl_list_name
end
Notes:
The maximum number of ACLs that can be configured per context is limited by the amount of available
memory in the VPN Manager software task. Typically, the maximum is less than 200.
Configuring Action and Criteria for Subscriber Traffic
To create rules that deny or permit subscriber traffic, and to apply those rules before or after an action, enter the
following command sequence from the Exec mode of the system CLI:
configure
context acl_ctxt_name [ -noconfirm ]
{ ip | ipv6 } access-list acl_list_name
deny { ip_address | any | host | icmp | ip | log | tcp | udp }
permit { ip_address | any | host | icmp | ip | log | tcp | udp }
after { deny | permit | readdress | redirect }
before { deny | permit | readdress | redirect }
end
Notes:
The system does not apply a "deny any" rule, unless it is specified in the ACL. This behavior can be
changed by adding a "deny any" rule at the end of the ACL.
Caution
The maximum number of rules that can be configured per ACL varies depending on how the ACL is to
be used. For more information, refer to the Engineering Rules chapter.
Use the information provided in the Actions and Criteria to configure the rules that comprise the ACL.
For more information, refer to the ACL Configuration Mode Commands and IPv6 ACL Configuration
Mode Commands chapters in the Command Line Interface Reference.
Configuring an Undefined ACL
As discussed previously, the system uses an "undefined" ACL mechanism to filter packets in the
event that an ACL that has been applied is not present. This scenario is likely the result of a misconfiguration,
such as the ACL name being mistyped during the configuration process.
For these scenarios, the system provides an "undefined" ACL that acts as a default filter for all packets into
the context. The default action is to "permit all".
To modify the default behavior for unidentified ACLs, use the following configuration:
configure
context acl_ctxt_name [-noconfirm]
access-list undefined { deny-all | permit-all }
end
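The two defaults described above (no "deny any" unless the ACL specifies it, and "permit all" for an undefined ACL) can be checked offline against a saved configuration. The following Python script is an added example, not part of the Cisco guide; the sample configuration is constructed, and the `exit`/`#exit` block terminators and the function name `audit_acl_config` are assumptions.

```python
import re

# Constructed sample (not from the guide); assumes ACL blocks close with exit/#exit.
SAMPLE_CONFIG = """\
configure
  context ingress
    ip access-list subscriber_in
      permit tcp any any
      deny udp any any
    #exit
    ip access-list mgmt_in
      permit host 192.0.2.10
      deny any
    #exit
  context egress
    access-list undefined deny-all
    ipv6 access-list v6_out
      permit any
    #exit
end
"""

def audit_acl_config(text):
    """Flag ACLs with no final 'deny any' and contexts left at undefined permit-all."""
    ctx, acl = None, None
    undefined, rules = {}, {}   # context -> policy, (context, acl) -> rule lines
    for raw in text.splitlines():
        line = " ".join(raw.split())          # normalise indentation and spacing
        if m := re.match(r"context (\S+)", line):
            ctx, acl = m.group(1), None
            undefined.setdefault(ctx, "permit-all")   # default stated in the guide
        elif line in ("exit", "#exit", "end"):
            acl = None
            ctx = None if line == "end" else ctx
        elif ctx and (m := re.fullmatch(r"access-list undefined (deny-all|permit-all)", line)):
            undefined[ctx] = m.group(1)
        elif ctx and (m := re.fullmatch(r"(?:ip|ipv6) access-list (\S+)", line)):
            acl = (ctx, m.group(1))
            rules.setdefault(acl, [])
        elif acl and re.match(r"(deny|permit)\b", line):
            rules[acl].append(line)   # before/after reordering is not modelled
    findings = [("undefined-acl-permit-all", c, None)
                for c, p in undefined.items() if p == "permit-all"]
    findings += [("no-final-deny-any", c, n) for (c, n), r in rules.items()
                 if not r or not re.fullmatch(r"deny( log)? any", r[-1])]
    return sorted(findings, key=lambda f: (f[0], f[1], f[2] or ""))

if __name__ == "__main__":
    print(audit_acl_config(SAMPLE_CONFIG))
```

On the constructed sample, the script reports the ACLs `subscriber_in` and `v6_out` as lacking a closing "deny any" and the context `ingress` as still using the default "permit all" undefined filter.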
Notes:
ASR 5500 System Administration Guide, StarOS Release 21.4
Access Control Lists