•
Outgoing packets to an external source.
•
Incoming packets that fail flow match and are forwarded again. In this case, the context ACL
applies first and only if it passes are packets forwarded.
During forwarding, if an ACL rule is added with a destination address as a loopback address, the
context ACL is also applied. This is because StarOS handles packets destined to the kernel by
going through a forwarding lookup for them. To apply ACL rules to incoming packets, the interface
ACL must be used instead of the context ACL.
•
The ACL to be applied must be configured in the context specified by this command.
•
Up to 16 ACLs can be applied to a group provided that the number of rules configured within the ACL(s)
does not exceed the 256-rule limit for the interface.
Applying an ACL to All Traffic Within a Context
This section provides information and instructions for applying one or more ACLs to a context configured
within a specific context on the system. The applied ACLs, known as policy ACLs, contain rules that apply
to all traffic facilitated by the context.
This section provides the minimum instruction set for applying the ACL list to all traffic within a context.
For more information on commands that configure additional parameters and options, refer to the Context
Configuration Mode Commands chapter in the Command Line Interface Reference.
Important
To configure the system to provide access control list facility to subscribers:
Step 1
Apply the configured ACL as described in Applying the ACL to a Context, on page 255
Step 2
Verify that ACL is applied properly on interface as described in Verifying the ACL Configuration in a Context, on page
256
Step 3
Save your configuration to flash memory, an external memory device, and/or a network location using the Exec mode
save configuration command. For additional information refer to the Verifying and Saving Your Configuration chapter.
Verifying the ACL Configuration in a Context
To verify the ACL configuration:
Verify that your ACL lists were applied properly by entering the following command in Exec Mode:
[local]host_name# show configuration context context_name
context_name is the name of the context to which the ACL(s) was/were applied.
The output of this command displays the configuration of the entire context. Examine the output for the commands
pertaining to interface configuration. The commands display the ACL(s) applied using this procedure.
ASR 5500 System Administration Guide, StarOS Release 21.4
256
Access Control Lists
Applying the ACL to a Context
To Next Page
Loading...
Need help?
General
