Cisco Cisco ASR 5500
• All subscriber sessions facilitated by a specific context
There are two primary components of an ACL:
• Rule: A single ACL consists of one or more ACL rules. As discussed earlier, the rule is a filter configured
to take a specific action on packets matching specific criteria. Up to 128 rules can be configured per
ACL.
ACL.
Each rule specifies the action to take when a packet matches the specifies criteria. This section discusses
the rule actions and criteria supported by the system.
the rule actions and criteria supported by the system.
• Rule Order: A single ACL can consist of multiple rules. Each packet is compared against each of the
ACL rules, in the order in which they were entered, until a match is found. Once a match is identified,
all subsequent rules are ignored.
all subsequent rules are ignored.
For more information on Access Control List configuration, refer to the IP Access Control List chapter
in System Administration Guide.
in System Administration Guide.
Important
IP Policy Forwarding
IP Policy Forwarding enables the routing of subscriber data traffic to specific destinations based on
configuration. This functionality can be implemented in support of enterprise-specific applications (i.e. routing
traffic to specific enterprise domains) or for routing traffic to back-end servers for additional processing.
configuration. This functionality can be implemented in support of enterprise-specific applications (i.e. routing
traffic to specific enterprise domains) or for routing traffic to back-end servers for additional processing.
Description
The system can be configured to automatically forward data packets to a predetermined network destination.
This can be done in one of three ways:
This can be done in one of three ways:
• IP Pool-based Next Hop Forwarding - Forwards data packets based on the IP pool from which a
subscriber obtains an IP address.
• ACL-based Policy Forwarding - Forwards data packets based on policies defined in Access Control
Lists (ACLs) and applied to contexts or interfaces.
• Subscriber specific Next Hop Forwarding - Forwards all packets for a specific subscriber.
The simplest way to forward subscriber data is to use IP Pool-based Next Hop Forwarding. An IP pool is
configured with the address of a next hop gateway and data packets from all subscribers using the IP pool are
forward to that gateway.
configured with the address of a next hop gateway and data packets from all subscribers using the IP pool are
forward to that gateway.
Subscriber Next Hop forwarding is also very simple. In the subscriber configuration a nexthop forwarding
address is specified and all data packets for that subscriber are forwarded to the specified nexthop destination.
address is specified and all data packets for that subscriber are forwarded to the specified nexthop destination.
ACL-based Policy Forwarding gives you more control on redirecting data packets. By configuring an Access
Control List (ACL) you can forward data packets from a context or an interface by different criteria, such as
source or destination IP address, ICMP type, or TCP/UDP port numbers.
Control List (ACL) you can forward data packets from a context or an interface by different criteria, such as
source or destination IP address, ICMP type, or TCP/UDP port numbers.
ACLs are applied first. If ACL-based Policy Forwarding and Pool-based Next Hop Forwarding or Subscriber
are configured, data packets are first redirected as defined in the ACL, then all remaining data packets are
redirected to the next hop gateway defined by the IP pool or subscriber profile.
are configured, data packets are first redirected as defined in the ACL, then all remaining data packets are
redirected to the next hop gateway defined by the IP pool or subscriber profile.
PDSN Administration Guide, StarOS Release 19
5
CDMA2000 Wireless Data Services
IP Policy Forwarding