Configuring policy
To view the existing rules in a list, enter the list's context and type show ip-rule. Each list
starts with a default rule. Each new rule has the same default parameters as the default rule.
The default rule appears as follows:

G350-001(super-ACL 301)# show ip-rule
Index Protocol IP  Wildcard         Port            Operation    Fragment rule  DSCP
----- -------- --- ---------------- --------------- ------------ -------------- ----
Deflt Any      Src Any              Any             Permit       No             Any
               Dst Any              Any

This rule permits all packets.
Rule criteria
This section describes the rule criteria you can define and includes the following topics:
● IP protocol — instructions on how to define the protocol to which the rule applies
● Source and destination IP address — instructions on how to define the source and
  destination IP addresses to which the rule applies
● Source and destination port range — instructions on how to define the source and
  destination port ranges to which the rule applies
● ICMP type and code — instructions on how to define packet matching by ICMP type or
  code
● TCP Establish bit (access control lists only) — instructions on how to define packet
  matching for TCP packets by whether the ACK bit is turned on
● Fragments — instructions on how to apply packet matching to fragments
● DSCP — instructions on how to define packet matching by DSCP type
Rules work in the following ways, depending on the type of list and the type of information in the
packet:
● Layer 4 rules in an access control list with a Permit operation are applied to non-initial
  fragments.
● Layer 4 rules in an access control list with a Deny operation are not applied to non-initial
  fragments; the device continues checking the next IP rule. A non-initial fragment carries no
  Layer 4 header, so a Deny rule cannot tell which session it belongs to; applying the rule would
  block fragments of other Layer 4 sessions along with the session that is blocked.
● Layer 3 rules apply to non-initial fragments.
● Layer 3 rules that include the fragment criteria do not apply to initial fragments or
  non-fragment packets.
Consequently, a Layer 4 Deny rule on its own does not stop the non-initial fragments of the session
it denies; those fragments fall through to the following rules, and ultimately to the default rule.
To match them, add a Layer 3 rule that includes the fragment criteria.
452 Administration for the Avaya G250 and Avaya G350 Media Gateways
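The following is an added example, not Avaya code and not output of the gateway: a small Python model of the rule-evaluation order described above (Layer 4 Permit rules apply to non-initial fragments, Layer 4 Deny rules are skipped for them, plain Layer 3 rules apply to everything, and Layer 3 rules with the fragment criterion apply only to non-initial fragments). The Packet and Rule structures, the ACLs and the packets are constructed for illustration; the only columns modelled are the ones the bullets refer to.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Packet:
    """Fields of an IP packet that the rule criteria look at (constructed model)."""
    proto: str                      # "TCP", "UDP", "ICMP", ...
    src: str
    dst: str
    sport: Optional[int] = None     # None on a non-initial fragment: it carries no L4 header
    dport: Optional[int] = None
    fragment_offset: int = 0        # > 0 marks a non-initial fragment

    @property
    def non_initial_fragment(self) -> bool:
        return self.fragment_offset > 0


@dataclass
class Rule:
    """One row of the rule list, reduced to the columns this model needs."""
    index: str
    operation: str = "Permit"       # "Permit" or "Deny"
    proto: str = "Any"
    src: str = "Any"
    dst: str = "Any"
    sport: Optional[int] = None     # any port criterion makes this a Layer 4 rule
    dport: Optional[int] = None
    fragment_rule: bool = False     # the "Fragment rule" column: non-initial fragments only

    @property
    def is_layer4(self) -> bool:
        return self.sport is not None or self.dport is not None


DEFAULT_RULE = Rule(index="Deflt")   # every list ends with a rule that permits all packets


def _layer3_match(rule: Rule, pkt: Packet) -> bool:
    return ((rule.proto == "Any" or rule.proto == pkt.proto)
            and (rule.src == "Any" or rule.src == pkt.src)
            and (rule.dst == "Any" or rule.dst == pkt.dst))


def rule_applies(rule: Rule, pkt: Packet) -> bool:
    """Decide whether `rule` is the rule that settles `pkt`, following the four bullets."""
    if not _layer3_match(rule, pkt):
        return False
    if rule.is_layer4:
        if pkt.non_initial_fragment:
            # L4 Permit rules are applied to non-initial fragments;
            # L4 Deny rules are skipped and evaluation moves to the next rule.
            return rule.operation == "Permit"
        return ((rule.sport is None or rule.sport == pkt.sport)
                and (rule.dport is None or rule.dport == pkt.dport))
    if rule.fragment_rule:
        # L3 rule with the fragment criterion: non-initial fragments only
        return pkt.non_initial_fragment
    return True                     # plain L3 rule: applies to fragments and whole packets alike


def evaluate(acl: List[Rule], pkt: Packet) -> str:
    """Walk the list in order; the trailing default rule matches whatever is left."""
    for rule in acl + [DEFAULT_RULE]:
        if rule_applies(rule, pkt):
            return f"{rule.operation} by rule {rule.index}"
    raise AssertionError("unreachable: the default rule matches every packet")


# Constructed ACL: deny Telnet to one host; everything else falls to the default Permit.
DENY_TELNET = [Rule(index="1", operation="Deny", proto="TCP", dst="10.0.0.5", dport=23)]
# The same ACL plus a Layer 3 rule that carries the fragment criterion.
DENY_TELNET_AND_FRAGMENTS = DENY_TELNET + [
    Rule(index="2", operation="Deny", dst="10.0.0.5", fragment_rule=True)]
# Constructed ACL that permits one service and denies the rest.
PERMIT_HTTP_ONLY = [
    Rule(index="1", operation="Permit", proto="TCP", dst="10.0.0.5", dport=80),
    Rule(index="2", operation="Deny")]

# Constructed packets: a Telnet SYN, a non-initial fragment of some TCP packet to the
# same host (no ports visible), and a whole HTTP request.
TELNET_SYN = Packet("TCP", "192.0.2.10", "10.0.0.5", sport=40000, dport=23)
TELNET_TAIL_FRAGMENT = Packet("TCP", "192.0.2.10", "10.0.0.5", fragment_offset=185)
HTTP_REQUEST = Packet("TCP", "192.0.2.10", "10.0.0.5", sport=40001, dport=80)

if __name__ == "__main__":
    for name, acl in (("deny-telnet", DENY_TELNET),
                      ("deny-telnet+fragments", DENY_TELNET_AND_FRAGMENTS),
                      ("permit-http-only", PERMIT_HTTP_ONLY)):
        for pkt_name, pkt in (("telnet SYN", TELNET_SYN),
                              ("tail fragment", TELNET_TAIL_FRAGMENT),
                              ("http request", HTTP_REQUEST)):
            print(f"{name:24} {pkt_name:14} -> {evaluate(acl, pkt)}")
```

Running the model shows the point of the last bullet pair: with DENY_TELNET alone the Telnet SYN is denied by rule 1, but the non-initial fragment to the same host reaches the default rule and is permitted; adding the Layer 3 rule with the fragment criterion (rule 2) denies that fragment while leaving the whole HTTP request, which the fragment rule does not apply to, on the default Permit. In PERMIT_HTTP_ONLY the Layer 4 Permit rule does apply to the fragment, so it is permitted by rule 1 even though its ports cannot be checked.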