Cisco Packet Data Interworking Function (PDIF) Troubleshooting Guide
ACS Rulebase Configuration Mode Commands
firewall priority
Cisco ASR 5000 Series Command Line Interface Reference
OL-22947-02
the trigger is configured, the appropriate check is made. The trigger port will be the destination port of an
association which matches the rule.
Multiple triggers can be defined for the same port number to permit multiple auxiliary ports for subscriber
traffic.
Once a rule is matched and if the rule action is deny, the action taken depends on what is configured in the
specified charging action. If the flow exists, flow statistics are updated and action is taken as configured in
the charging action:
If the billing action is configured as EDR enabled, EDR is generated.
If the content ID is configured, UDR information is updated.
If the flow action is configured as "terminate-flow", the flow is terminated instead of just discarding the
packet.
If the billing action, content ID, and flow action are not configured, no action is taken on the dropped packets.
Important:
For firewall ruledefs, only the terminate-flow action is applicable if configured in the specified
charging action.
For a packet dropped due to firewall ruledef match or no match (first packet of a flow), the charging action
applied is the one configured in the
or the
command respectively.
In StarOS 8.1, in the case of Policy-based Firewall, the charging action applied is the one configured in the
or the
command respectively.
For action on packets dropped due to any error condition after data session is created, the charging action
must be configured in the
command.
The GGSN can dynamically activate/deactivate dynamic firewall ruledefs for a subscriber based on the rule
name received from a policy server. At rule match, if a rule in the rulebase is a dynamic rule, and if the rule is
enabled for the particular subscriber, rule matching is done for the rule. If the rule is disabled for the
particular subscriber, rule matching is not done for the rule.
Example
The following command assigns a priority of
to the firewall ruledef
, adds it to the rulebase, and permits
port trigger to be used for the rule to open ports in the range of
to
in either direction of the control connection:
The following command configures the firewall ruledef
as a dynamic ruledef: