Cisco MWR 1941-DC - 1941 Mobile Wireless Router Software Configuration Manual page 162

Mobile wireless edge router

Cisco MWR 1941-DC Mobile Wireless Edge Router Software Configuration Guide, page 6-54
Chapter 6: Configuring the MWR 1941-DC in a Cell Site DCN

Filtering IP Packets Using Access Lists

The behavior of access-list entries regarding the presence or absence of the fragments keyword can be
summarized as follows:

If the access-list entry has no fragments keyword, and assuming all of the access-list entry
information matches, then...

  For an access-list entry containing only Layer 3 information:
    - The entry is applied to nonfragmented packets, initial fragments and noninitial fragments.

  For an access-list entry containing Layer 3 and Layer 4 information:
    - The entry is applied to nonfragmented packets and initial fragments.
        - If the entry matches and is a permit statement, the packet or fragment is permitted.
        - If the entry matches and is a deny statement, the packet or fragment is denied.
    - The entry is also applied to noninitial fragments in the following manner. Because noninitial
      fragments contain only Layer 3 information, only the Layer 3 portion of an access-list entry
      can be applied. If the Layer 3 portion of the access-list entry matches, and
        - If the entry is a permit statement, the noninitial fragment is permitted.
        - If the entry is a deny statement, the next access-list entry is processed.

  Note: The deny statements are handled differently for noninitial fragments versus nonfragmented
  or initial fragments.

If the access-list entry has the fragments keyword, and assuming all of the access-list entry
information matches, then...

  The access-list entry is applied only to noninitial fragments.

  Note: The fragments keyword cannot be configured for an access-list entry that contains any
  Layer 4 information.

Be aware that you should not simply add the fragments keyword to every access list entry because the
first fragment of the IP packet is considered a nonfragment and is treated independently of the
subsequent fragments. An initial fragment will not match an access list permit or deny entry that
contains the fragments keyword. Instead, the packet is compared to the next access list entry, and so
on, until it is either permitted or denied by an access list entry that does not contain the fragments
keyword. Therefore, you may need two access list entries for every deny entry. The first deny entry of
the pair will not include the fragments keyword, and applies to the initial fragment. The second deny
entry of the pair will include the fragments keyword and applies to the subsequent fragments. In cases
where there are multiple deny access list entries for the same host but with different Layer 4 ports, a
single deny access-list entry with the fragments keyword for that host is all that needs to be added.
Thus all the fragments of a packet are handled in the same manner by the access list.
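
The fragment-handling rules and the deny-pair advice on this page, modelled as an added example (this is not code from the Cisco guide). The names Entry, Packet, evaluate and verdicts are hypothetical, 192.0.2.10 is a constructed address, the model ignores protocol and source address, and the implicit deny at the end of the list is standard IOS behaviour assumed here rather than stated on this page.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Entry:
    action: str                  # "permit" or "deny"
    dst: Optional[str] = None    # Layer 3: destination host, None = any
    dport: Optional[int] = None  # Layer 4: destination port, None = no Layer 4 information
    fragments: bool = False      # the fragments keyword

@dataclass
class Packet:
    dst: str
    dport: Optional[int] = None  # None on noninitial fragments (no Layer 4 header)
    noninitial: bool = False

def evaluate(acl, pkt):
    """Return "permit" or "deny" for pkt, following the rules summarized on this page."""
    for e in acl:
        if e.dst is not None and e.dst != pkt.dst:
            continue                      # Layer 3 portion does not match
        if e.fragments:
            if pkt.noninitial:            # applied only to noninitial fragments
                return e.action
            continue                      # initial fragments never match this entry
        if e.dport is None:
            return e.action               # Layer 3 only: applies to every packet kind
        if not pkt.noninitial:
            if e.dport == pkt.dport:      # full Layer 3 + Layer 4 comparison
                return e.action
        elif e.action == "permit":
            return "permit"               # noninitial fragment, Layer 3 matched
        # deny + noninitial fragment: fall through to the next entry
    return "deny"                         # assumption: implicit deny ends every IOS ACL

HOST = "192.0.2.10"  # constructed documentation address
# deny tcp any host 192.0.2.10 eq 80 / eq 23, then permit ip any any
UNPAIRED = [Entry("deny", HOST, 80), Entry("deny", HOST, 23), Entry("permit")]
# same, plus: deny ip any host 192.0.2.10 fragments (one entry covers both ports)
PAIRED = UNPAIRED[:2] + [Entry("deny", HOST, fragments=True), Entry("permit")]

def verdicts(acl):
    first = Packet(HOST, dport=80)        # initial fragment, carries the TCP header
    rest = Packet(HOST, noninitial=True)  # later fragment, Layer 3 only
    return evaluate(acl, first), evaluate(acl, rest)

if __name__ == "__main__":
    print("unpaired:", verdicts(UNPAIRED))  # ('deny', 'permit')
    print("paired:  ", verdicts(PAIRED))    # ('deny', 'deny')
```

In the paired list the fragments entry also denies noninitial fragments of traffic to other ports on that host, because those fragments carry no Layer 4 information to tell the flows apart.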
OL-11503-01
