Cisco Cisco Packet Data Interworking Function (PDIF)
Access Control Lists
Applying IP ACLs ▀
VPC-VSM System Administration Guide, StarOS Release 19 ▄
185
content-filtering server-group cfsg_name
response-timeout response_timeout
connection retry-timeout retry_timeout
end
Applying a Single ACL to Multiple Subscribers
As mentioned in the previous section, IP ACLs are applied to subscribers via attributes in their profile. The subscriber
profile could be configured locally on the system or remotely on a RADIUS server.
profile could be configured locally on the system or remotely on a RADIUS server.
The system provides for the configuration of subscriber functions that serve as default values when specific attributes
are not contained in the individual subscriber’s profile. The following table describes these functions.
are not contained in the individual subscriber’s profile. The following table describes these functions.
Table 10.
Functions Used to Provide “Default” Subscriber Attributes
Function
Description
Subscriber named
default
default
Within each context, the system creates a subscriber called default. The profile for the subscriber named
default provides a configuration template of attribute values for subscribers authenticated in that context.
Any subscriber attributes that are not included in a RADIUS-based subscriber profile is configured according
to the values for those attributes as defined for the subscriber named default.
NOTE: The profile for the subscriber named default is not used to provide missing information for
subscribers configured locally.
default provides a configuration template of attribute values for subscribers authenticated in that context.
Any subscriber attributes that are not included in a RADIUS-based subscriber profile is configured according
to the values for those attributes as defined for the subscriber named default.
NOTE: The profile for the subscriber named default is not used to provide missing information for
subscribers configured locally.
default
subscriber
subscriber
This command in the PDSN, FA, and HA service Configuration modes specifies a profile from a subscriber
named something other than default to use a configuration template of attribute values for subscribers
authenticated in that context.
This command allows multiple services to draw “default” subscriber information from multiple profiles.
named something other than default to use a configuration template of attribute values for subscribers
authenticated in that context.
This command allows multiple services to draw “default” subscriber information from multiple profiles.
When configured properly, the functions described in the table above could be used to apply an ACL to:
All subscribers facilitated within a specific context by applying the ACL to the profile of the subscriber named
default.
All subscribers facilitated by specific services by applying the ACL to a subscriber profile and then using the
default subscriber command to configure the service to use that subscriber as the “default” profile.
Applying an ACL to the Subscriber Named default
This section provides information and instructions for applying an ACL to the subscriber named default.
Important:
This section provides the minimum instruction set for applying the ACL list to all traffic within a
context. For more information on commands that configure additional parameters and options, refer to Subscriber
Configuration Mode Commands in the Command Line Interface Reference.
Configuration Mode Commands in the Command Line Interface Reference.
To configure the system to provide access control list facility to subscribers:
Step 1
Apply the configured access control list by following the example configuration in