Access Control Lists: Configuring ACLs on the System
VPC-VSM System Administration Guide, StarOS Release 19

      { ip | ipv6 } access-list acl_list_name 
         deny { ip_address | any | host | icmp | ip | log | tcp | udp } 
         permit { ip_address | any | host | icmp | ip | log | tcp | udp } 
         after { deny | permit | readdress | redirect } 
         before { deny | permit | readdress | redirect } 
         end 
Notes:
Caution: The system does not apply a “deny any” rule unless it is specified in the ACL. This behavior can be
changed by adding a “deny any” rule at the end of the ACL.
 
The maximum number of rules that can be configured per ACL varies depending on how the ACL is to be used. 
For more information, refer to the Engineering Rules chapter. 
 
Use the information provided in the 
  to configure the rules that comprise the ACL. For 
more information, refer to the ACL Configuration Mode Commands and IPv6 ACL Configuration Mode Commands
chapters in the Command Line Interface Reference.
Configuring an Undefined ACL 
As discussed previously, the system uses an “undefined” ACL mechanism to filter packets when an ACL that has
been applied is not present. This scenario is likely the result of a misconfiguration, such as the ACL name
being mistyped during the configuration process.
For these scenarios, the system provides an “undefined” ACL that acts as a default filter for all packets into the context.
The default action is to “permit all”, so packets are passed unfiltered when the applied ACL does not exist unless this default is changed.
To modify the default behavior for unidentified ACLs, use the following configuration:
configure 
   context acl_ctxt_name [-noconfirm] 
      access-list undefined { deny-all | permit-all } 
      end 
Notes:
Context name is the name of the context containing the “undefined” ACL to be modified. For more information,
refer to the Context Configuration Mode Commands chapter in the Command Line Interface Reference.
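
An added example, not part of the Cisco guide: a Python audit of a saved configuration for the two fail-open conditions described above, an ACL with no final “deny any” rule and an applied ACL name that is not defined. The sample configuration is constructed; its layout, the `#exit` lines, the `{ ip | ipv6 } access-group` line used to apply an ACL, and the function name `audit` are assumptions not shown on this page.

```python
import re
# Constructed excerpt; layout, "#exit" and "access-group" lines are assumptions.
SAMPLE_CONFIG = """\
context ingress
  ip access-list acl_1
    permit tcp any host 10.0.0.5
    deny any
  #exit
  ip access-list acl_2
    permit udp any any
  #exit
  interface s1
    ip access-group acl_l in
  #exit
#exit
context egress
  access-list undefined deny-all
  interface s2
    ip access-group acl_9 out
  #exit
#exit
"""

def audit(config):
    """Flag ACLs with no final 'deny any' and applied ACL names that are not defined."""
    acls, applied, undefined = {}, [], {}  # (ctx, name) -> rules; (ctx, name); ctx -> action
    ctx = acl = None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.fullmatch(r"context (\S+)( -noconfirm)?", line):
            ctx, acl = m[1], None
        elif m := re.fullmatch(r"access-list undefined (deny-all|permit-all)", line):
            undefined[ctx] = m[1]
        elif m := re.fullmatch(r"(?:ip|ipv6) access-list (\S+)", line):
            acl = acls.setdefault((ctx, m[1]), [])
        elif m := re.match(r"(?:ip|ipv6) access-group (\S+)", line):
            applied.append((ctx, m[1]))
        elif acl is not None and re.match(r"(permit|deny|readdress|redirect)\b", line):
            acl.append(line)  # rules are kept in file order
        elif line in ("#exit", "exit", "end"):
            acl = None
    findings = [f"{c}/{n}: no final 'deny any' rule" for (c, n), rules in acls.items()
                if not rules or not re.fullmatch(r"deny( log)? any", rules[-1])]
    # With no "access-list undefined" line, the documented default is permit-all.
    findings += [f"{c}/{n}: applied but undefined, falls to {undefined.get(c, 'permit-all')}"
                 for c, n in applied if (c, n) not in acls]
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

In the sample, the mistyped name `acl_l` (for `acl_1`) in context `ingress` falls through to the default “permit all”, while the missing `acl_9` in context `egress` is covered by `access-list undefined deny-all`.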
Verifying the ACL Configuration 
To verify the ACL configuration, enter the Exec mode show { ip | ipv6 } access-list command. 
The following is a sample output of this command. In this example, an ACL named acl_1 was configured.