Cisco Cisco Packet Data Gateway (PDG)
Access Control Lists
Applying IP ACLs ▀
ASR 5000 System Administration Guide, StarOS Release 16 ▄
251
ip access-group access_group_name out
exit
aaa group default
exit
gtpp group default
exit
content-filtering server-group cfsg_name
response-timeout response_timeout
connection retry-timeout retry_timeout
end
exit
aaa group default
exit
gtpp group default
exit
content-filtering server-group cfsg_name
response-timeout response_timeout
connection retry-timeout retry_timeout
end
Applying a Single ACL to Multiple Subscribers
As mentioned in the previous section, IP ACLs are applied to subscribers via attributes in their profile. The subscriber
profile could be configured locally on the system or remotely on a RADIUS server.
profile could be configured locally on the system or remotely on a RADIUS server.
The system provides for the configuration of subscriber functions that serve as default values when specific attributes
are not contained in the individual subscriber’s profile. The following table describes these functions.
are not contained in the individual subscriber’s profile. The following table describes these functions.
Table 37.
Functions Used to Provide “Default” Subscriber Attributes
Function
Description
Subscriber named default Within each context, the system creates a subscriber called default. The profile for the subscriber
named default provides a configuration template of attribute values for subscribers authenticated in
that context.
Any subscriber attributes that are not included in a RADIUS-based subscriber profile is configured
according to the values for those attributes as defined for the subscriber named default.
NOTE: The profile for the subscriber named default is not used to provide missing information for
subscribers configured locally.
that context.
Any subscriber attributes that are not included in a RADIUS-based subscriber profile is configured
according to the values for those attributes as defined for the subscriber named default.
NOTE: The profile for the subscriber named default is not used to provide missing information for
subscribers configured locally.
default subscriber
This command in the PDSN, FA, and HA service Configuration modes specifies a profile from a
subscriber named something other than default to use a configuration template of attribute values for
subscribers authenticated in that context.
This command allows multiple services to draw “default” subscriber information from multiple
profiles.
subscriber named something other than default to use a configuration template of attribute values for
subscribers authenticated in that context.
This command allows multiple services to draw “default” subscriber information from multiple
profiles.
When configured properly, the functions described in the table above could be used to apply an ACL to:
All subscribers facilitated within a specific context by applying the ACL to the profile of the subscriber named
default.
All subscribers facilitated by specific services by applying the ACL to a subscriber profile and then using the
default subscriber command to configure the service to use that subscriber as the “default” profile.