Cisco Packet Data Interworking Function (PDIF) Leaflet
Access Control
Access Control via Blacklist or Whitelist
Cisco StarOS IP Security (IPSec) Reference
Deployment Scenarios
Blacklisting
Blacklisting can be used when requests from a particular identity must be blocked for a short period of time, such as if
the subscriber has not paid his/her bill.
Whitelisting
Whitelisting can be used when requests from particular identities must be allowed to set up tunnels for a short period of
time, such as when certain services are allowed only for subscribers who have subscribed for the service.
External Interfaces
The blacklist/whitelist file will be read from locations accessible by StarOS. Locations and protocols include:
[file:]{/flash | /pcmcia1 | /hd-raid}[/directory]/<filename>
[file:]{/flash | /usb1 | /hd-raid}[/directory]/<filename>
tftp://<host>[:<port>][/<directory>]/<filename>
ftp://[<username>[:<password>]@]<host>[:<port>][/<directory>]/<filename>
sftp://[<username>[:<password>]@]<host>[:<port>][/<directory>]/<filename>
Important:
A blacklist or whitelist must be available to StarOS or blacklisting/whitelisting will not be
performed even if enabled.
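The location forms listed above differ in transport security: tftp and ftp carry the list unencrypted, and the ftp and sftp forms allow a password inside the pathname. The following check is an added example, not Cisco code; the function name `audit_pathname`, the finding texts and the sample pathnames are assumptions made for illustration, and more than one directory level is accepted for local paths.

```python
import re
from urllib.parse import urlsplit

# Local form from the page: [file:]{/flash | /pcmcia1 | /usb1 | /hd-raid}[/directory]/<filename>
LOCAL_RE = re.compile(r"^(?:file:)?/(?:flash|pcmcia1|usb1|hd-raid)(?:/[^/\s]+)+$")
REMOTE_SCHEMES = {"tftp", "ftp", "sftp"}   # remote forms listed on the page
CLEARTEXT = {"tftp", "ftp"}                # no encryption or integrity protection


def audit_pathname(pathname):
    """Classify a blacklist/whitelist file location and list security findings."""
    if LOCAL_RE.match(pathname):
        return "local", []
    try:
        parts = urlsplit(pathname)
        parts.port                          # raises ValueError on a malformed port
    except ValueError:
        return "invalid", ["malformed host or port"]
    if parts.scheme not in REMOTE_SCHEMES or not parts.hostname:
        return "invalid", ["not one of the location forms listed"]
    if parts.path in ("", "/") or parts.path.endswith("/"):
        return "invalid", ["no filename after the host"]
    if parts.scheme == "tftp" and parts.username is not None:
        return "invalid", ["the tftp form takes no username or password"]
    findings = []
    if parts.scheme in CLEARTEXT:
        findings.append(f"{parts.scheme} transfers the list in cleartext with no "
                        "integrity protection; prefer sftp or a local file")
    if parts.password is not None:
        findings.append("password is embedded in the pathname; "
                        "it is visible to anyone who can read the command")
    return "remote", findings


if __name__ == "__main__":
    # Constructed sample pathnames (hosts are documentation addresses).
    for sample in ("/flash/acl/blacklist.txt",
                   "sftp://segw@198.51.100.10/acl/blacklist.txt",
                   "ftp://segw:secret@198.51.100.10/acl/blacklist.txt",
                   "tftp://198.51.100.10:69/blacklist.txt",
                   "http://198.51.100.10/blacklist.txt"):
        print(sample, "->", audit_pathname(sample))
```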
CLI Commands
Important:
The commands described below appear in the CLI for this release. However, they have not been
qualified for use with any current Cisco StarOS gateway products.
Global Configuration Mode
crypto blacklist file
Configures a blacklist (access denied) file to be used by a security gateway (SeGW).
crypto blacklist file pathname
pathname
Specifies the location and protocol from which StarOS will retrieve the blacklist file.
Refer to the Command Line Interface Reference for a complete description of this command and its keywords.