Specifying IP Extended Access Lists With Fragment Control - Cisco MWR 1941-DC - 1941 Mobile Wireless Router Software Configuration Manual


Chapter 6
Configuring the MWR 1941-DC in a Cell Site DCN
Filtering IP Packets Using Access Lists
Note: When creating standard and extended access lists, remember that, by default, the end of the
access list contains an implicit deny statement for everything if no match is found before reaching
the end. Further, with standard access lists, if you omit the mask from an associated IP host address
access list specification, 0.0.0.0 is assumed to be the mask.
After creating an access list, you must apply it to a line or interface, as shown in the
"Applying Access Lists" section on page 6-58.
See the "Named Access List Example" section on page 6-62 for an example of a named access list.

Specifying IP Extended Access Lists with Fragment Control

This section describes the functionality added to IP extended named and numbered access lists. You can
now specify whether the system examines noninitial IP fragments of packets when applying an IP
extended access list.
Prior to this feature, nonfragmented packets and the initial fragment of a packet were processed by IP
extended access lists (if such an access list was applied), but noninitial fragments were permitted by
default. The IP Extended Access Lists with Fragment Control feature now allows more granular
control over noninitial fragments.
Because noninitial fragments contain only Layer 3 information, access-list entries containing only
Layer 3 information can be, and now are, applied to noninitial fragments. The fragment has all the
information the system needs to filter, so the entry is applied to the fragments.
This feature adds the optional fragments keyword to four IP access list commands: access-list (IP
extended), deny (IP), dynamic, and permit (IP). When you specify the fragments keyword in an access
list entry, that entry applies only to noninitial fragments of packets; the fragment is
either permitted or denied accordingly.
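
The matching rules described above, modelled in Python as an added example (not code from the manual or from Cisco IOS). It covers only entries with Layer 3 criteria; the Entry class, the function names, and the documentation-range addresses are constructed for illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass

@dataclass
class Entry:
    """Layer 3-only ACL entry (hypothetical model, not IOS code)."""
    action: str              # "permit" or "deny"
    src: str                 # source network in CIDR form; "0.0.0.0/0" is "any"
    dst: str                 # destination network in CIDR form
    fragments: bool = False  # True models the `fragments` keyword

def make_header(src, dst, frag_offset=0, more_fragments=False):
    """Build a constructed 20-byte IPv4 header (checksum left at 0)."""
    flags_frag = (0x2000 if more_fragments else 0) | frag_offset
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, flags_frag, 64, 6, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)

def parse_header(header):
    """Return (src, dst, noninitial) for an IPv4 header."""
    (flags_frag,) = struct.unpack("!H", header[6:8])
    noninitial = (flags_frag & 0x1FFF) != 0  # nonzero 13-bit fragment offset
    return (ipaddress.ip_address(header[12:16]),
            ipaddress.ip_address(header[16:20]), noninitial)

def evaluate(acl, header):
    """First matching entry wins; no match falls through to the implicit deny."""
    src, dst, noninitial = parse_header(header)
    for entry in acl:
        if entry.fragments and not noninitial:
            continue  # `fragments` entries apply only to noninitial fragments
        if (src in ipaddress.ip_network(entry.src)
                and dst in ipaddress.ip_network(entry.dst)):
            return entry.action
    return "deny"

# Constructed ACL: drop noninitial fragments to one host, permit its subnet.
ACL = [
    Entry("deny", "0.0.0.0/0", "192.0.2.10/32", fragments=True),
    Entry("permit", "0.0.0.0/0", "192.0.2.0/24"),
]

if __name__ == "__main__":
    for label, off, mf in [("unfragmented", 0, False), ("initial", 0, True),
                           ("noninitial", 185, False)]:
        hdr = make_header("198.51.100.7", "192.0.2.10", off, mf)
        print(label, evaluate(ACL, hdr))
```

The first entry is skipped for nonfragmented packets and initial fragments, so only noninitial fragments to 192.0.2.10 are denied; the Layer 3-only permit entry still matches noninitial fragments sent to other hosts in the subnet.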
Cisco MWR 1941-DC Mobile Wireless Edge Router Software Configuration Guide
6-53
OL-11503-01
