Cisco Packet Data Interworking Function (PDIF)
Access Control Lists
VPC-VSM System Administration Guide, StarOS Release 19
Understanding ACLs
This section discusses the two main aspects to ACLs on the system:
Important:
Refer to ACL Configuration Mode Commands and the IPv6 ACL Configuration Mode Commands
chapter in the Command Line Interface Reference for the full command syntax.
Rule(s)
A single ACL consists of one or more ACL rules. Each rule is a filter configured to take a specific action on packets
matching specific criteria. Up to 128 rules can be configured per ACL.
Important:
Configured ACLs consisting of no rules imply a “deny any” rule. The deny action and any criteria
are discussed later in this section. This is the default behavior for an empty ACL.
Each rule specifies the action to take when a packet matches the specified criteria. This section discusses the rule actions
and criteria supported by the system.
Actions
ACLs specify that one of the following actions can be taken on a packet that matches the specified criteria:
Permit: The packet is accepted and processed.
Deny: The packet is rejected.
Redirect: The packet is forwarded to the specified next-hop address through a specific system interface or to the
specified context for processing.
Important:
Redirect rules are ignored for ACLs applied to specific subscribers or all
subscribers facilitated by a specific context, or APN for UMTS subscribers.
Criteria
Each ACL consists of one or more rules specifying the criteria that packets will be compared against.
The following criteria are supported:
Any: Filters all packets
Host: Filters packets based on the source host IP address
ICMP: Filters Internet Control Message Protocol (ICMP) packets
IP: Filters Internet Protocol (IP) packets
Source IP Address: Filters packets based on one or more source IP addresses
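The rule semantics described above, modeled in Python as an added example (not code from the Cisco guide, and not StarOS CLI syntax). Assumptions not stated in this section: rules are checked in order and the first match wins, a packet matching no rule is denied, an ignored redirect rule is skipped, and source addresses are written as CIDR networks; the names `Rule`, `evaluate` and `SAMPLE_ACL` are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

MAX_RULES = 128  # per-ACL limit stated in the guide

@dataclass
class Rule:
    action: str        # "permit", "deny" or "redirect"
    criterion: str     # "any", "host", "icmp", "ip" or "source"
    value: str = ""    # host address or source network (CIDR is an assumption)

    def matches(self, pkt):
        src = ipaddress.ip_address(pkt["src"])
        if self.criterion in ("any", "ip"):
            return True  # every packet in this model is an IP packet
        if self.criterion == "icmp":
            return pkt["proto"] == "icmp"
        if self.criterion == "host":
            return src == ipaddress.ip_address(self.value)
        if self.criterion == "source":
            return src in ipaddress.ip_network(self.value)
        raise ValueError(f"unsupported criterion: {self.criterion}")

def evaluate(rules, pkt, subscriber_scope=False):
    """Return the action the ACL made of `rules` applies to `pkt`."""
    if len(rules) > MAX_RULES:
        raise ValueError("an ACL holds at most 128 rules")
    if not rules:
        return "deny"  # an ACL with no rules implies "deny any"
    for rule in rules:  # assumption: evaluated in order, first match wins
        if rule.action == "redirect" and subscriber_scope:
            continue  # redirect rules are ignored for subscriber-applied ACLs
        if rule.matches(pkt):
            return rule.action
    return "deny"  # assumption: a packet matching no rule is denied

# Constructed sample ACL using documentation address ranges.
SAMPLE_ACL = [
    Rule("redirect", "host", "192.0.2.10"),
    Rule("deny", "icmp"),
    Rule("permit", "source", "192.0.2.0/24"),
]

if __name__ == "__main__":
    pkt = {"src": "192.0.2.10", "proto": "tcp"}  # constructed packet
    print(evaluate(SAMPLE_ACL, pkt))                         # interface or context ACL
    print(evaluate(SAMPLE_ACL, pkt, subscriber_scope=True))  # subscriber ACL
```

The same packet gets a different verdict depending on where the ACL is applied, which is the practical consequence of redirect rules being ignored for subscriber ACLs: review what the remaining rules do with that traffic.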