Cisco Packet Data Gateway (PDG)
Access Control Lists
Applying IP ACLs
VPC-VSM System Administration Guide, StarOS Release 19
gtpp group default
end
Applying an ACL to All Traffic Within a Context
This section provides information and instructions for applying one or more ACLs to a context configured within a
specific context on the system. The applied ACLs, known as policy ACLs, contain rules that apply to all traffic
facilitated by the context.
Important:
This section provides the minimum instruction set for applying the ACL list to all traffic within a
context. For more information on commands that configure additional parameters and options, refer to the Context
Configuration Mode Commands chapter in the Command Line Interface Reference.
To configure the system to provide the access control list facility to subscribers:
Step 1 Apply the configured ACL as described in
Step 2
Step 3 Save your configuration to flash memory, an external memory device, and/or a network location using the Exec mode
save configuration command. For additional information refer to the Verifying and Saving Your Configuration chapter.
Applying the ACL to a Context
To apply the ACLs to a context, use the following configuration:
configure
   context acl_ctxt_name [ -noconfirm ]
      { ip | ipv6 } access-group acl_list_name [ in | out ] [ preference ]
      end
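An added example (not from the Cisco guide): a small Python check that reads configuration text in the flat form shown above and reports, per context, which ACLs are applied, flagging use of the deprecated in/out keywords and contexts with no context-level ACL. The context and ACL names are constructed, and treating the preference as an integer is an assumption.

```python
import re

# Constructed sample in the flat form shown on this page; all names are made up.
SAMPLE_CONFIG = """\
configure
  context isp1
    ip access-group corp_policy 10
    ipv6 access-group corp_policy6 in
  end
configure
  context isp2 -noconfirm
    ip access-group legacy_acl out 20
  end
configure
  context mgmt
  end
"""

# { ip | ipv6 } access-group acl_list_name [ in | out ] [ preference ]
# Assumption: preference is a plain integer.
GROUP_RE = re.compile(r"^(ip|ipv6)\s+access-group\s+(\S+)(?:\s+(in|out))?(?:\s+(\d+))?$")

def audit_context_acls(config_text):
    """Return {context: [applied ACL records]} for each context in the text."""
    applied, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("context "):
            current = line.split()[1]          # name precedes optional -noconfirm
            applied.setdefault(current, [])
        elif line == "end":
            current = None                     # back out of the context
        elif current is not None:
            m = GROUP_RE.match(line)
            if m:
                family, acl, direction, pref = m.groups()
                applied[current].append({"family": family, "acl": acl,
                    "deprecated_keyword": direction, "preference": int(pref) if pref else None})
    return applied

def findings(applied):
    """List review findings: unprotected contexts and deprecated keywords."""
    out = []
    for ctx, groups in applied.items():
        if not groups:
            out.append(f"{ctx}: no context-level ACL applied")
        for g in groups:
            if g["deprecated_keyword"]:
                out.append(f"{ctx}: {g['acl']} uses deprecated '{g['deprecated_keyword']}'")
    return out
```

Calling `findings(audit_context_acls(SAMPLE_CONFIG))` returns one line per issue, which can be diffed between saved configurations to catch a context that lost its policy ACL.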
Notes:
The context name is the name of the ACL context containing the interface to which the ACL is to be applied.
The context-level ACL is applied to outgoing packets. It also applies to incoming packets if the flow match
criteria fail and the packets are forwarded again.
The in and out keywords are deprecated and are only present for backward compatibility.
Context ACL will be applied in the following cases:
   Outgoing packets to an external source.
   Incoming packets that fail flow match and are forwarded again. In this case, the context ACL is applied
   first, and the packets are forwarded only if they pass it.
   During forwarding, if an ACL rule is added with a destination address as a loopback address, the
   context ACL is also applied. This is because StarOS handles packets destined to the kernel by going