Cisco Cisco Packet Data Gateway (PDG)
Access Control Lists
▀ Applying IP ACLs
▄ ASR 5000 System Administration Guide, StarOS Release 18
260
subscriber name subscriber_name
ip access-group access_group_name in
ip access-group access_group_name out
exit
aaa group default
exit
gtpp group default
exit
content-filtering server-group cfsg_name
response-timeout response_timeout
connection retry-timeout retry_timeout
end
ip access-group access_group_name in
ip access-group access_group_name out
exit
aaa group default
exit
gtpp group default
exit
content-filtering server-group cfsg_name
response-timeout response_timeout
connection retry-timeout retry_timeout
end
Applying a Single ACL to Multiple Subscribers
As mentioned in the previous section, IP ACLs are applied to subscribers via attributes in their profile. The subscriber
profile could be configured locally on the system or remotely on a RADIUS server.
profile could be configured locally on the system or remotely on a RADIUS server.
The system provides for the configuration of subscriber functions that serve as default values when specific attributes
are not contained in the individual subscriber’s profile. The following table describes these functions.
are not contained in the individual subscriber’s profile. The following table describes these functions.
Table 38. Functions Used to Provide “Default” Subscriber Attributes
Function
Description
Subscriber named default Within each context, the system creates a subscriber called default. The profile for the
subscriber named default provides a configuration template of attribute values for subscribers
authenticated in that context.
Any subscriber attributes that are not included in a RADIUS-based subscriber profile is
configured according to the values for those attributes as defined for the subscriber named
default.
NOTE: The profile for the subscriber named default is not used to provide missing
information for subscribers configured locally.
authenticated in that context.
Any subscriber attributes that are not included in a RADIUS-based subscriber profile is
configured according to the values for those attributes as defined for the subscriber named
default.
NOTE: The profile for the subscriber named default is not used to provide missing
information for subscribers configured locally.
default subscriber
This command in the PDSN, FA, and HA service Configuration modes specifies a profile
from a subscriber named something other than default to use a configuration template of
attribute values for subscribers authenticated in that context.
This command allows multiple services to draw “default” subscriber information from
multiple profiles.
from a subscriber named something other than default to use a configuration template of
attribute values for subscribers authenticated in that context.
This command allows multiple services to draw “default” subscriber information from
multiple profiles.
When configured properly, the functions described in the table above could be used to apply an ACL to:
All subscribers facilitated within a specific context by applying the ACL to the profile of the subscriber named
default.
All subscribers facilitated by specific services by applying the ACL to a subscriber profile and then using the
default subscriber command to configure the service to use that subscriber as the “default” profile.