Cisco Cisco Packet Data Gateway (PDG)
Access Control Lists
Applying IP ACLs ▀
VPC-VSM System Administration Guide, StarOS Release 19 ▄
183
Applying an ACL to a RADIUS-based Subscriber
IP ACLs are applied to subscribers via attributes in their profile. The subscriber profile could be configured locally on
the system or remotely on a RADIUS server.
the system or remotely on a RADIUS server.
To apply an ACL to a RADIUS-based subscriber, use the Filter-Id attribute.
For more details on this attribute, if you are using StarOS 12.3 or an earlier release, refer to the AAA and GTPP
Interface Administration and Reference. If you are using StarOS 14.0 or a later release, refer to the AAA Interface
Administration and Reference.
Interface Administration and Reference. If you are using StarOS 14.0 or a later release, refer to the AAA Interface
Administration and Reference.
This section provides information and instructions for applying an ACL to an individual subscriber whose profile is
configured locally on the system.
configured locally on the system.
Important:
This section provides the minimum instruction set for applying the ACL list to all traffic within a
context. For more information on commands that configure additional parameters and options, refer to the Subscriber
Configuration Mode Commands chapter in the Command Line Interface Reference.
Configuration Mode Commands chapter in the Command Line Interface Reference.
To configure the system to provide access control list facility to subscribers:
Step 1
Apply the configured access control list by following the example configuration in
Step 2
Verify that ACL is applied properly on interface by following the steps in
Step 3
Save your configuration to flash memory, an external memory device, and/or a network location using the Exec mode
save configuration command. For additional information refer to the Verifying and Saving Your Configuration chapter.
save configuration command. For additional information refer to the Verifying and Saving Your Configuration chapter.
Applying an ACL to an Individual Subscriber
To apply the ACL to an individual subscriber, use the following configuration:
configure
context acl_ctxt_name [ -noconfirm ]
subscriber name subs_name
{ ip | ipv6 } access-group acl_list_name [ in | out ]
end
Notes:
The context name is the name of the ACL context containing the interface to which the ACL is to be applied.
If neither the
in
nor the
out
keyword is specified, the ACL will be applied to all inbound and outbound packets.
The ACL to be applied must be configured in the context specified by this command.
Up to eight ACLs can be applied to a group provided that the number of rules configured within the ACL(s) does
not exceed the 128-rule limit for the interface.