Cisco Cisco Packet Data Interworking Function (PDIF)
Access Control Lists
▀ Applying IP ACLs
▄ ASR 5000 System Administration Guide, StarOS Release 18
258
configure
context context_name
ip access-list acl_name
deny host ip_address
deny ip any host ip_address
exit
ip access-group access_group_name
service-redundancy-protocol
exit
interface interface_name
ip address ip_address/mask
exit
subscriber default
exit
aaa group default
exit
gtpp group default
end
context context_name
ip access-list acl_name
deny host ip_address
deny ip any host ip_address
exit
ip access-group access_group_name
service-redundancy-protocol
exit
interface interface_name
ip address ip_address/mask
exit
subscriber default
exit
aaa group default
exit
gtpp group default
end
Applying an ACL to a RADIUS-based Subscriber
IP ACLs are applied to subscribers via attributes in their profile. The subscriber profile could be configured locally on
the system or remotely on a RADIUS server.
the system or remotely on a RADIUS server.
To apply an ACL to a RADIUS-based subscriber, use the Filter-Id attribute.
For more details on this attribute, if you are using StarOS 12.3 or an earlier release, refer to the AAA and GTPP
Interface Administration and Reference. If you are using StarOS 14.0 or a later release, refer to the AAA Interface
Administration and Reference.
Interface Administration and Reference. If you are using StarOS 14.0 or a later release, refer to the AAA Interface
Administration and Reference.
This section provides information and instructions for applying an ACL to an individual subscriber whose profile is
configured locally on the system.
configured locally on the system.
Important:
This section provides the minimum instruction set for applying the ACL list to all traffic within a
context. For more information on commands that configure additional parameters and options, refer to the Subscriber
Configuration Mode Commands chapter in the Command Line Interface Reference.
Configuration Mode Commands chapter in the Command Line Interface Reference.
To configure the system to provide access control list facility to subscribers:
Step 1
Step 2
Step 3
Save your configuration to flash memory, an external memory device, and/or a network location using the Exec mode
save configuration command. For additional information refer to the Verifying and Saving Your Configuration chapter.
save configuration command. For additional information refer to the Verifying and Saving Your Configuration chapter.