Cisco Cisco Packet Data Gateway (PDG)

Access Control Lists

Applying IP ACLs ▀

ASR 5000 System Administration Guide, StarOS Release 18 ▄

253

Notes:



Context name is the name of the context containing the “undefined” ACL to be modified. For more information,

refer to the Context Configuration Mode Commands chapter in the Command Line Interface Reference.

Verifying the ACL Configuration

To verify the ACL configuration, enter the Exec mode show { ip | ipv6 } access-list command.

The following is a sample output of this command. In this example, an ACL named

acl_1

was configured.

ip access list acl_1
deny host 10.2.3.4
deny ip any host 10.2.3.4
permit any 10.2.4.4
1 ip access-lists are configured.

Applying IP ACLs

Once an ACL is configured, it must be applied to take effect.

Important:

All ACLs should be configured and verified according to the instructions in the

Configuring ACLs

on the System

prior to beginning these procedures. The procedures described below also assume that the subscribers

have been previously configured.

As discussed earlier, you can apply an ACL to any of the following:



Applying an ACL to an Individual Interface



Applying an ACL to All Traffic Within a Context

(known as a policy ACL)



Applying an ACL to an Individual Subscriber



Applying a Single ACL to Multiple Subscribers



Applying a Single ACL to Multiple Subscribers via APNs

(for 3GPP subscribers only)

Important:

ACLs must be configured in the same context in which the subscribers and/or interfaces to which

they are to be applied. Similarly, ACLs to be applied to a context must be configured in that context.

If ACLs are applied at multiple levels within a single context (such as an ACL is applied to an interface within the
context and another ACL is applied to the entire context), they will be processed as shown in the following figure and
table.