Verifying the ACL Configuration on an Interface
This section describes how to verify the ACL configuration.
In the Exec Mode, enter the following command:
[local]host_name# show configuration context context_name
context_name is the name of the context containing the interface to which the ACL(s) was/were applied.
The output of this command displays the configuration of the entire context. Examine the output for the commands
pertaining to interface configuration. The commands display the ACL(s) applied using this procedure.
configure
context context_name
ip access-list acl_name
deny host ip_address
deny ip any host ip_address
exit
ip access-group access_group_name
service-redundancy-protocol
exit
interface interface_name
ip address ip_address/mask
exit
subscriber default
exit
aaa group default
exit
gtpp group default
end
Applying the ACL to a Context
To apply the ACLs to a context, use the following configuration:
configure
context acl_ctxt_name [ -noconfirm ]
{ ip | ipv6 } access-group acl_list_name [ in | out ] [ preference ]
end
Notes:
•
The context name is the name of the ACL context containing the interface to which the ACL is to be
applied.
•
The context-level ACL is applied to outgoing packets. This applies to incoming packets also if the flow
match criteria fails and forwarded again.
The in and out keywords are deprecated and are only present for backward compatibility.
Context ACL will be applied in the following cases:
ASR 5500 System Administration Guide, StarOS Release 21.4
255
Access Control Lists
Applying the ACL to a Context
To Next Page
Loading...
Need help?
General
