Cisco Packet Data Gateway (PDG)
Access Control Lists
VPC-VSM System Administration Guide, StarOS Release 19
Configuring ACLs on the System
This section describes how to configure ACLs.
Important:
This section provides the minimum instruction set for configuring access control lists on the system.
For more information on commands that configure additional parameters and options, refer to the ACL Configuration
Mode Commands and IPv6 ACL Configuration Mode Commands chapters in the Command Line Interface Reference.
To configure the system to provide an access control list facility to subscribers:
Step 1
Create the access control list by following the example configuration in
Step 2
Specify the rules and criteria for action in the ACL list by following the example configuration in
Step 3
Optional. The system provides an “undefined” ACL that acts as a default filter for all packets into the context. The
default action is to “permit all”. Modify the default configuration for “unidentified” ACLs by following the example
configuration in
Step 4
Verify your ACL configuration by following the steps in
Step 5
Save your configuration to flash memory, an external memory device, and/or a network location using the Exec mode
save configuration command. For additional information refer to the Verifying and Saving Your Configuration chapter.
Creating ACLs
To create an ACL, enter the following command sequence from the Exec mode of the system CLI:
configure
context acl_ctxt_name [ -noconfirm ]
{ ip | ipv6 } access-list acl_list_name
end
Notes:
The maximum number of ACLs that can be configured per context is limited by the amount of available memory
in the VPN Manager software task. Typically, the maximum is less than 200.
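An added example, not taken from the guide: a Python check that reads command sequences in the form shown above, counts the ACLs each context would hold, and flags contexts that reach the 200 figure from the note. The context and ACL names, the treatment of a repeated name as the same ACL, and the use of 200 as a planning threshold are assumptions.

```python
import re
from collections import defaultdict
# Constructed sample (not from the guide); context and ACL names are made up.
SAMPLE = """\
configure
context isp1 -noconfirm
ip access-list sub_in
end
configure
context isp1
ipv6 access-list sub_in_v6
ip access-list sub_in
end
configure
context corp
ip access-list mgmt_only
end
"""

CONTEXT_RE = re.compile(r"^context\s+(\S+)(?:\s+-noconfirm)?$")
ACL_RE = re.compile(r"^(ip|ipv6)\s+access-list\s+(\S+)$")

def acls_per_context(text):
    """Map each context to the set of (family, name) ACLs the sequences create."""
    found = defaultdict(set)
    context = None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("configure", "end"):
            context = None  # each sequence starts from Exec mode, outside any context
            continue
        m = CONTEXT_RE.match(line)
        if m:
            context = m.group(1)
            continue
        m = ACL_RE.match(line)
        if m:
            if context is None:
                raise ValueError(f"access-list outside a context: {line!r}")
            # Assumption: repeating a name refers to the same ACL, so count it once.
            found[context].add((m.group(1), m.group(2)))
    return dict(found)

def contexts_at_limit(per_context, limit=200):
    """Contexts whose ACL count reaches `limit`; the real ceiling depends on memory."""
    return sorted(c for c, acls in per_context.items() if len(acls) >= limit)

if __name__ == "__main__":
    print({c: len(a) for c, a in acls_per_context(SAMPLE).items()})
```

Because the real ceiling depends on VPN Manager memory, pass a lower `limit` to get warned before a context approaches it.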
Configuring Action and Criteria for Subscriber Traffic
To create rules that deny or permit subscriber traffic and apply the rules after or before an action, enter the following
command sequence from the Exec mode of the system CLI:
configure
context acl_ctxt_name [ -noconfirm ]