Cisco Packet Data Gateway (PDG)
Access Control Lists
Applying IP ACLs
ASR 5000 System Administration Guide, StarOS Release 16
Figure 16. ACL Processing Order
Table 36. ACL Processing Order Descriptions

Packet coming from the mobile node to the packet data network (left to right)

Order  Description
1      An inbound ACL configured for the receiving interface in the Source Context is applied to the tunneled data (such as the outer IP header). The packet is then forwarded to the Destination Context.
2      An inbound ACL configured for the subscriber (either the specific subscriber or for any subscriber facilitated by the context) is applied.
3      A context ACL (policy ACL) configured in the Destination Context is applied prior to forwarding.
4      An outbound ACL configured on the interface in the Destination Context through which the packet is being forwarded, is applied.

Packet coming from the packet data network to the mobile node (right to left)

Order  Description
1      An inbound ACL configured for the receiving interface configured in the Destination Context is applied.
2      An outbound ACL configured for the subscriber (either the specific subscriber or for any subscriber facilitated by the context) is applied. The packet is then forwarded to the Source Context.
3      A context ACL (policy ACL) configured in the Source Context is applied prior to forwarding.
4      An outbound ACL configured on the interface in the Source Context through which the packet is being forwarded, is applied to the tunneled data (such as the outer IP header).

In the event that an IP ACL is applied that has not been configured (for example, the name of the applied ACL was configured incorrectly), the system uses an “undefined” ACL mechanism for filtering the packet(s).
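
The processing order in Table 36 and the "undefined" ACL fallback can be traced with a small model. This is an added example, not code from the Cisco guide or StarOS. The stage names, ACL names, rule format, first-match and no-match-deny semantics, and the "deny"/"permit" values for the undefined policy are assumptions of the model, and all addresses are constructed samples.

```python
import ipaddress
from collections import namedtuple

# inner = subscriber packet (src, dst); outer = tunnel header (src, dst).
Packet = namedtuple("Packet", "inner outer")

# Stage order from Table 36 as (stage, header the ACL sees). The page says the
# Source Context interface ACLs see the tunneled (outer) header; "inner" for
# every other stage is an assumption of this model.
ORDER = {
    "uplink": [("source-interface-in", "outer"), ("subscriber-in", "inner"),
               ("destination-context", "inner"), ("destination-interface-out", "inner")],
    "downlink": [("destination-interface-in", "inner"), ("subscriber-out", "inner"),
                 ("source-context", "inner"), ("source-interface-out", "outer")],
}

def match(rules, src, dst):
    """First matching rule wins; no match is a deny (both are assumptions)."""
    for action, src_net, dst_net in rules:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(src_net)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(dst_net)):
            return action
    return "deny"

def trace(direction, packet, applied, defined, undefined_policy):
    """Return ("deny", stage) for the first stage that drops, else ("permit", None)."""
    for stage, header in ORDER[direction]:
        name = applied.get(stage)
        if name is None:
            continue  # no ACL applied at this stage
        if name in defined:
            action = match(defined[name], *getattr(packet, header))
        else:
            action = undefined_policy  # applied name was never configured
        if action == "deny":
            return ("deny", stage)
    return ("permit", None)

# Constructed sample configuration: "ACL-EGRES" is a deliberate typo of "ACL-EGRESS".
DEFINED = {
    "ACL-TUNNEL": [("permit", "192.0.2.0/24", "198.51.100.1/32")],
    "ACL-SUB": [("deny", "0.0.0.0/0", "203.0.113.25/32"), ("permit", "10.1.0.0/16", "0.0.0.0/0")],
    "ACL-EGRESS": [("permit", "0.0.0.0/0", "0.0.0.0/0")],
}
APPLIED = {"source-interface-in": "ACL-TUNNEL", "subscriber-in": "ACL-SUB",
           "destination-interface-out": "ACL-EGRES"}
PKT = Packet(inner=("10.1.1.5", "203.0.113.80"), outer=("192.0.2.10", "198.51.100.1"))

if __name__ == "__main__":
    for policy in ("deny", "permit"):
        print(policy, trace("uplink", PKT, APPLIED, DEFINED, policy))
```

With the misspelled name applied at the last stage, the verdict for the same packet depends entirely on the undefined policy, which is why applied ACL names are worth auditing against the defined ones.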
This section provides information and instructions for applying ACLs and for configuring an “undefined” ACL.