Cisco Cisco Packet Data Gateway (PDG) Fehlerbehebungsanleitung
Access Control Lists
Applying IP ACLs ▀
Cisco ASR 5000 Series Enhanced Feature Configuration Guide ▄
OL-22982-01
Applying IP ACLs
Once an ACL is configured, it must be applied to take effect.
As discussed earlier, an ACL can be applied to any of the following:
Important:
ACLs must be configured in the same context in which the subscribers and/or interfaces to which
they are to be applied. Similarly, ACLs to be applied to a context must be configured in that context.
If ACLs are applied at multiple levels within a single context (i.e. an ACL is applied to an interface within the context
and another ACL is applied to the entire context), they will be processed as shown in the following figure and table.
and another ACL is applied to the entire context), they will be processed as shown in the following figure and table.
Figure 4.
ACL Processing Order
Source Context
Destination Context
1
1
4
4
3
3
2
2
Interface
Interface
Out
ACL
In
ACL
Context
ACL
Sub.
Out
ACL
In
ACL
Out
ACL
Context
ACL
Sub.
In
ACL
To/From
PDN
PDN
From/To
Mobile
Node
GRE, GTP, or IP-in-IP
Tunnel
Table 7. ACL Processing Order Descriptions
Packet coming from the mobile node to the packet data network (left to right)
Order Description
1
An inbound ACL configured for the receiving interface in the Source Context is applied to the tunneled data (i.e. the outer
IP header). The packet is then forwarded to the Destination Context.
IP header). The packet is then forwarded to the Destination Context.
2
An inbound ACL configured for the subscriber (either the specific subscriber or for any subscriber facilitated by the
context) is applied.
context) is applied.
3
A context ACL (policy ACL) configured in the Destination Context is applied prior to forwarding.
4
An outbound ACL configured on the interface in the Destination Context through which the packet is being forwarded is
applied.
applied.