Cisco Cisco Packet Data Gateway (PDG)
Access Control Lists
Applying IP ACLs ▀
ASR 5500 System Administration Guide, StarOS Release 18 ▄
233
Notes:
The ACL to be applied must be in the destination context of the APN (which can be different from the context
where the APN is configured).
If neither the
in
nor the
out
keyword is specified, the ACL will be applied to all inbound and outbound packets.
Up to eight ACLs can be applied to a group provided that the number of rules configured within the ACL(s) does
not exceed the 128-rule limit for the interface.
Verifying the ACL Configuration to APNs
To verify the ACL configuration:
Step 1
Verify that your ACL lists were applied properly by entering the following command in Exec Mode:
show configuration context context_name
context_name is the name of the context containing the APN apn1 having default subscriber to which the ACL(s)
was/were applied.
was/were applied.
The output of this command displays the configuration of the entire context. Examine the output for the commands
pertaining to interface configuration. The commands display the ACL(s) applied using this procedure.
pertaining to interface configuration. The commands display the ACL(s) applied using this procedure.
configure
context context_name
ip access-list acl_name
deny host ip_address
deny ip any host ip_address
exit
ip access-group access_group_name
interface interface
ip address ip_address/mask
exit
subscriber default
exit
apn apn_name
ip access-group access_group_name in
ip access-group access_group_name out
end
context context_name
ip access-list acl_name
deny host ip_address
deny ip any host ip_address
exit
ip access-group access_group_name
interface interface
ip address ip_address/mask
exit
subscriber default
exit
apn apn_name
ip access-group access_group_name in
ip access-group access_group_name out
end