Separate ACLs may be created for IPv4 and IPv6 access routes.
Understanding ACLs
This section discusses the two main aspects to ACLs on the system:
•
Rule(s), on page 248
•
Rule Order, on page 250
Refer to ACL Configuration Mode Commands and the IPv6 ACL Configuration Mode Commands chapter
in the Command Line Interface Reference for the full command syntax.
Important
Rule(s)
A single ACL consists of one or more ACL rules. Each rule is a filter configured to take a specific action
when packets matching specific criteria. Up to 256 rules can be configured per ACL.
Configured ACLs consisting of no rules imply a "deny any" rule. The deny action and any criteria are
discussed later in this section. This is the default behavior for an empty ACL.
Important
Each rule specifies the action to take when a packet matches the specifies criteria. This section discusses the
rule actions and criteria supported by the system.
Actions
ACLs specify that one of the following actions can be taken on a packet that matches the specified criteria:
•
Permit: The packet is accepted and processed.
•
Deny: The packet is rejected.
•
Redirect: The packet is forwarded to the specified next-hop address through a specific system interface
or to the specified context for processing.
Redirect rules are ignored for ACLs applied to specific subscribers or all subscribers
facilitated by a specific context, or APN for UMTS subscribers.
Important
Criteria
Each ACL consists of one or more rules specifying the criteria that packets will be compared against.
The following criteria are supported:
ASR 5500 System Administration Guide, StarOS Release 21.4
248
Access Control Lists
Understanding ACLs
To Next Page
Loading...
Need help?
General
