Cisco Cisco Packet Data Gateway (PDG)
Access Control Lists
▀ Applying IP ACLs
▄ ASR 5500 System Administration Guide, StarOS Release 18
232
ip address ip_address/mask
exit
subscriber default
exit
subscriber name subscriber_name
ip access-group access_group_name in
ip access-group access_group_name out
exit
pdsn-service service_name
default subscriber subscriber_name
end
Applying an ACL to Multiple Subscriber via APNs
If IP ACLs are applied to subscribers via attributes in their profile, the subscriber profile could be configured locally on
the system or remotely on a RADIUS server.
the system or remotely on a RADIUS server.
To reduce configuration time, ACLs can alternatively be applied to APN templates for GGSN subscribers. When
configured, any subscriber packets facilitated by the APN template would then have the associated ACL applied.
configured, any subscriber packets facilitated by the APN template would then have the associated ACL applied.
This section provides information and instructions for applying an ACL to an APN template.
Important:
This section provides the minimum instruction set for applying the ACL list to all traffic within a
context. For more information on commands that configure additional parameters and options, refer to the Subscriber
Configuration Mode Commands chapter in the Command Line Interface Reference.
Configuration Mode Commands chapter in the Command Line Interface Reference.
To configure the system to provide access control list facility to subscribers:
Step 1
Step 2
Step 3
Save your configuration to flash memory, an external memory device, and/or a network location using the Exec mode
save configuration command. For additional information refer to the Verifying and Saving Your Configuration chapter.
save configuration command. For additional information refer to the Verifying and Saving Your Configuration chapter.
Applying an ACL to Multiple Subscriber via APNs
To apply the ACL to multiple subscribers via APN, use the following configuration:
configure
context dest_context_name [-noconfirm]
apn apn_name
{ ip | ipv6 } access-group acl_list_name [ in | out ]
end