Cisco Cisco Packet Data Gateway (PDG)
Access Control Lists
Applying IP ACLs ▀
VPC-VSM System Administration Guide, StarOS Release 19 ▄
179
3
A context ACL (policy ACL) configured in the Destination Context is applied prior to forwarding.
4
An outbound ACL configured on the interface in the Destination Context through which the packet is being forwarded, is
applied.
applied.
Packet coming from the packet data network to the mobile node (right to left)
Order Description
1
An inbound ACL configured for the receiving interface configured in the Destination Context is applied.
2
An outbound ACL configured for the subscriber (either the specific subscriber or for any subscriber facilitated by the
context) is applied. The packet is then forwarded to the Source Context.
context) is applied. The packet is then forwarded to the Source Context.
3
A context ACL (policy ACL) configured in the Source Context is applied prior to forwarding.
4
An outbound ACL configured on the interface in the Source Context through which the packet is being forwarded, is
applied to the tunneled data (such as the outer IP header).
applied to the tunneled data (such as the outer IP header).
In the event that an IP ACL is applied that has not been configured (for example, the name of the applied ACL was
configured incorrectly), the system uses an “undefined” ACL mechanism for filtering the packet(s).
configured incorrectly), the system uses an “undefined” ACL mechanism for filtering the packet(s).
This section provides information and instructions for applying ACLs and for configuring an “undefined” ACL.
Applying an ACL to an Individual Interface
This section provides information and instructions for applying one or more ACLs to an individual interface configured
on the system.
on the system.
Important:
This section provides the minimum instruction set for applying the ACL list to an interface on the
system. For more information on commands that configure additional parameters and options, refer to the Ethernet
Interface Configuration Mode Commands chapter in the Command Line Interface Reference.
Interface Configuration Mode Commands chapter in the Command Line Interface Reference.
To configure the system to provide ACL facility to subscribers:
Step 1
Apply the configured access control list by following the example configuration in
Step 2
Verify that ACL is applied properly on interface by following the steps in
Step 3
Save your configuration to flash memory, an external memory device, and/or a network location using the Exec mode
save configuration command. For additional information refer to the Verifying and Saving Your Configuration chapter.
save configuration command. For additional information refer to the Verifying and Saving Your Configuration chapter.
Applying the ACL to an Interface
To apply the ACL to an interface, use the following configuration:
configure
context acl_ctxt_name [ -noconfirm ]
interface interface_name