ASR 5500 System Administration Guide, StarOS Release 21.4 - Cisco ASR 5000 Series Administration Manual


Access Control Lists
• Any: Filters all packets
• Host: Filters packets based on the source host IP address
• ICMP: Filters Internet Control Message Protocol (ICMP) packets
• IP: Filters Internet Protocol (IP) packets
• Source IP Address: Filters packets based on one or more source IP addresses
• TCP: Filters Transmission Control Protocol (TCP) packets
• UDP: Filters User Datagram Protocol (UDP) packets
Each of the above criteria is described in detail in the sections that follow.
Important
The following sections contain basic ACL rule syntax information. Refer to the ACL Configuration Mode
Commands and IPv6 ACL Configuration Mode Commands chapters in the Command Line Interface
Reference for the full command syntax.
• Any: The rule applies to all packets.
• Host: The rule applies to a specific host as determined by its IP address.
• ICMP: The rule applies to specific Internet Control Message Protocol (ICMP) packets, Types, or Codes.
ICMP type and code definitions can be found at www.iana.org (RFC 3232).
• IP: The rule applies to specific Internet Protocol (IP) packets or fragments.
• IP Packet Size Identification Algorithm: The rule applies to the identification of specific Internet
Protocol (IP) packets for fragmentation during forwarding.
This configuration is related to the "IP Identification field" assignment algorithm used by the system
when subscriber packets are being encapsulated (such as Mobile IP and other tunneling encapsulation).
Within the system, subscriber packet encapsulation is done in a distributed way, and the 16-bit IP
identification space is divided and distributed to each entity that does the encapsulation, so that a unique
IP identification value can be assigned to IP headers during encapsulation.
Since this distributed IP Identification space is small, a non-zero unique identification will be assigned
only for those packets which may potentially be fragmented during forwarding (since the IP identification
field is only used for reassembly of the fragmented packet). The total size of the IP packet is used to
determine the possibility of that packet getting fragmented.
• Source IP Address: The rule applies to specific packets originating from a specific source address or
a group of source addresses.
• TCP: The rule applies to any Transmission Control Protocol (TCP) traffic and could be filtered on any
combination of source/destination IP addresses, a specific port number, or a group of port numbers. TCP
port number definitions can be found at www.iana.org.
• UDP: The rule applies to any User Datagram Protocol (UDP) traffic and could be filtered on any
combination of source/destination IP addresses, a specific port number, or a group of port numbers.
UDP port number definitions can be found at www.iana.org.
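
The IP Packet Size Identification Algorithm item above describes a 16-bit identification space divided among the encapsulating entities, with non-zero unique IDs spent only on packets large enough to risk fragmentation. The following is an added illustrative model, not Cisco code or documented StarOS behavior: the equal-sized slices, the use of 0 for small packets, the 576-byte threshold, and the names `EncapEntity`, `assign_id` and `simulate` are assumptions made for the example.

```python
"""Model of partitioned IP Identification assignment (constructed example)."""

ID_SPACE = 1 << 16  # the IP Identification header field is 16 bits wide


class EncapEntity:
    """One encapsulating entity that owns a private slice of the ID space."""

    def __init__(self, index, entity_count, size_threshold):
        # Assumption: the space is split into equal, contiguous slices.
        slice_len = ID_SPACE // entity_count
        self.first = index * slice_len
        self.last = self.first + slice_len - 1
        if self.first == 0:
            self.first = 1  # 0 is kept for packets that get no unique ID
        self.size_threshold = size_threshold  # assumed size cut-off in bytes
        self._next = self.first

    def assign_id(self, total_length):
        """Return the Identification value for a packet of total_length bytes."""
        if total_length <= self.size_threshold:
            # Judged not at risk of fragmentation, so no reassembly is
            # expected and no value from the small ID space is spent.
            return 0
        ip_id = self._next
        # Wrap inside this entity's own slice so it never enters a neighbour's.
        self._next = self.first if ip_id == self.last else ip_id + 1
        return ip_id


def simulate(entity_count, size_threshold, packet_sizes):
    """Feed every packet size to every entity; return IDs issued per entity."""
    entities = [EncapEntity(i, entity_count, size_threshold)
                for i in range(entity_count)]
    return [[e.assign_id(size) for size in packet_sizes] for e in entities]


if __name__ == "__main__":
    # Constructed input: 4 entities, 576-byte threshold, mixed packet sizes.
    for n, ids in enumerate(simulate(4, 576, [64, 1400, 576, 1500, 9000])):
        print(f"entity {n}: {ids}")
```

Because each entity wraps inside its own slice, two entities never issue the same non-zero ID, but one entity reuses a value after exhausting its slice, which is why the model spends IDs only on packets above the threshold.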
