Cisco Cisco Packet Data Gateway (PDG)

Access Control Lists

▀ Applying IP ACLs

▄ VPC-VSM System Administration Guide, StarOS Release 19

178

Applying IP ACLs

Once an ACL is configured, it must be applied to take effect.

Important:

All ACLs should be configured and verified according to the instructions in the

Configuring ACLs

on the System

prior to beginning these procedures. The procedures described below also assume that the subscribers

have been previously configured.

As discussed earlier, you can apply an ACL to any of the following:



Applying an ACL to an Individual Interface



Applying an ACL to All Traffic Within a Context

(known as a policy ACL)



Applying an ACL to an Individual Subscriber



Applying a Single ACL to Multiple Subscribers



Applying a Single ACL to Multiple Subscribers via APNs

(for 3GPP subscribers only)

Important:

ACLs must be configured in the same context in which the subscribers and/or interfaces to which

they are to be applied. Similarly, ACLs to be applied to a context must be configured in that context.

If ACLs are applied at multiple levels within a single context (such as an ACL is applied to an interface within the
context and another ACL is applied to the entire context), they will be processed as shown in the following figure and
table.

Figure 3.

ACL Processing Order

Table 9. ACL Processing Order Descriptions

Packet coming from the mobile node to the packet data network (left to right)

Order Description

An inbound ACL configured for the receiving interface in the Source Context is applied to the tunneled data (such as the
outer IP header). The packet is then forwarded to the Destination Context.

An inbound ACL configured for the subscriber (either the specific subscriber or for any subscriber facilitated by the
context) is applied.