Cisco Packet Data Gateway (PDG)
Access Control Lists
ASR 5000 System Administration Guide, StarOS Release 18
Notes:
Context name is the name of the context containing the “undefined” ACL to be modified. For more information,
refer to the Context Configuration Mode Commands chapter in the Command Line Interface Reference.
Verifying the ACL Configuration
To verify the ACL configuration, enter the Exec mode show { ip | ipv6 } access-list command.
The following is a sample output of this command. In this example, an ACL named acl_1 was configured.
ip access list acl_1
deny host 10.2.3.4
deny ip any host 10.2.3.4
permit any 10.2.4.4
1 ip access-lists are configured.
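A scripted version of this check, as an added example that is not part of the original guide: it parses captured show ip access-list output and compares the displayed rules, in order, against the intended list. The output layout is assumed to match the sample above; parse_show_output and verify_acl are hypothetical helper names.

```python
import re

# Constructed capture, copied from the sample output shown above.
SAMPLE_OUTPUT = """\
ip access list acl_1
deny host 10.2.3.4
deny ip any host 10.2.3.4
permit any 10.2.4.4
1 ip access-lists are configured.
"""

HEADER = re.compile(r"^ip access list (\S+)$")
FOOTER = re.compile(r"^(\d+) ip access-lists are configured\.$")

def parse_show_output(text):
    """Return ({acl_name: [rules in displayed order]}, reported_count)."""
    acls, current, reported = {}, None, None
    for raw in text.splitlines():
        line = " ".join(raw.split())  # normalise indentation and spacing
        if not line:
            continue
        if (m := HEADER.match(line)):
            current = acls.setdefault(m.group(1), [])
        elif (m := FOOTER.match(line)):
            reported = int(m.group(1))
        elif current is not None:
            current.append(line)
        else:
            raise ValueError(f"rule line before any ACL header: {line!r}")
    return acls, reported

def verify_acl(text, name, intended_rules):
    """Compare one ACL in the output against the intended rule list."""
    acls, reported = parse_show_output(text)
    problems = []
    if reported is None:
        problems.append("summary line missing; capture may be truncated")
    elif reported != len(acls):
        problems.append(f"summary reports {reported} ACLs, parsed {len(acls)}")
    if name not in acls:
        problems.append(f"ACL {name!r} not present in this context")
        return problems
    actual = acls[name]
    for i in range(max(len(actual), len(intended_rules))):
        got = actual[i] if i < len(actual) else "<no rule>"
        want = intended_rules[i] if i < len(intended_rules) else "<no rule>"
        if got != want:
            problems.append(f"rule {i + 1}: expected {want!r}, found {got!r}")
    return problems
```

An empty list from verify_acl means the displayed ACL matches the intended rules; any entries describe the mismatch to resolve before the ACL is applied.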
Applying IP ACLs
Once an ACL is configured, it must be applied to take effect.
Important:
All ACLs should be configured and verified according to the instructions in the
prior to beginning these procedures. The procedures described below also assume that the subscribers
have been previously configured.
As discussed earlier, you can apply an ACL to any of the following:
Important:
ACLs must be configured in the same context as the subscribers and/or interfaces to which
they are to be applied. Similarly, ACLs to be applied to a context must be configured in that context.
If ACLs are applied at multiple levels within a single context (for example, one ACL is applied to an interface within the
context and another ACL is applied to the entire context), they will be processed as shown in the following figure and
table.