для Cisco Cisco Packet Data Gateway (PDG)
Access Control Lists
▀ Configuring ACLs on the System
▄ VPC-VSM System Administration Guide, StarOS Release 19
176
{ ip | ipv6 } access-list acl_list_name
deny { ip_address | any | host | icmp | ip | log | tcp | udp }
permit { ip_address | any | host | icmp | ip | log | tcp | udp }
after { deny | permit | readdress | redirect }
before { deny | permit | readdress | redirect }
end
Notes:
Caution:
The system does not apply a “deny any” rule, unless it is specified in the ACL. This behavior can be
changed by adding a “deny any” rule at the end of the ACL.
The maximum number of rules that can be configured per ACL varies depending on how the ACL is to be used.
For more information, refer to the Engineering Rules chapter.
Use the information provided in the
more information, refer to the ACL Configuration Mode Commands and IPv6 ACL Configuration Mode
Commands chapters in the Command Line Interface Reference.
Commands chapters in the Command Line Interface Reference.
Configuring an Undefined ACL
As discussed previously the system uses an “undefined” ACL mechanism for filtering the packet(s) in the event that an
ACL that has been applied is not present. This scenario is likely the result of a mis-configuration such as the ACL name
being mis-typed during the configuration process.
ACL that has been applied is not present. This scenario is likely the result of a mis-configuration such as the ACL name
being mis-typed during the configuration process.
For these scenarios, the system provides an “undefined” ACL that acts as a default filter for all packets into the context.
The default action is to “permit all”.
The default action is to “permit all”.
To modify the default behavior for unidentified ACLs, use the following configuration:
configure
context acl_ctxt_name [-noconfirm]
access-list undefined { deny-all | permit-all }
end
Notes:
Context name is the name of the context containing the “undefined” ACL to be modified. For more information,
refer to the Context Configuration Mode Commands chapter in the Command Line Interface Reference.
Verifying the ACL Configuration
To verify the ACL configuration, enter the Exec mode show { ip | ipv6 } access-list command.
The following is a sample output of this command. In this example, an ACL named
acl_1
was configured.