для Cisco Cisco Packet Data Gateway (PDG)
Access Control Lists
▀ Applying IP ACLs
▄ VPC-VSM System Administration Guide, StarOS Release 19
178
Applying IP ACLs
Once an ACL is configured, it must be applied to take effect.
Important:
prior to beginning these procedures. The procedures described below also assume that the subscribers
have been previously configured.
As discussed earlier, you can apply an ACL to any of the following:
Important:
ACLs must be configured in the same context in which the subscribers and/or interfaces to which
they are to be applied. Similarly, ACLs to be applied to a context must be configured in that context.
If ACLs are applied at multiple levels within a single context (such as an ACL is applied to an interface within the
context and another ACL is applied to the entire context), they will be processed as shown in the following figure and
table.
context and another ACL is applied to the entire context), they will be processed as shown in the following figure and
table.
Figure 3.
ACL Processing Order
Table 9. ACL Processing Order Descriptions
Packet coming from the mobile node to the packet data network (left to right)
Order Description
1
An inbound ACL configured for the receiving interface in the Source Context is applied to the tunneled data (such as the
outer IP header). The packet is then forwarded to the Destination Context.
outer IP header). The packet is then forwarded to the Destination Context.
2
An inbound ACL configured for the subscriber (either the specific subscriber or for any subscriber facilitated by the
context) is applied.
context) is applied.