Applying An Acl To All Traffic Within A Context; Verifying The Acl Configuration In A Context - Cisco ASR 5000 Administration Manual
Staros release 21.1
Hide thumbs
Also See for ASR 5000:
- Installation manual (294 pages) ,
- Administration manual (159 pages) ,
- Installation procedure (8 pages)
Table of Contents
Advertisement
Applying the ACL to a Context
• The ACL to be applied must be configured in the context specified by this command.
• Up to eight ACLs can be applied to a group provided that the number of rules configured within the
Applying an ACL to All Traffic Within a Context
This section provides information and instructions for applying one or more ACLs to a context configured
within a specific context on the system. The applied ACLs, known as policy ACLs, contain rules that apply
to all traffic facilitated by the context.
Important
To configure the system to provide access control list facility to subscribers:
Step 1
Apply the configured ACL as described in
Step 2
Verify that ACL is applied properly on interface as described in
238
Step 3
Save your configuration to flash memory, an external memory device, and/or a network location using the Exec mode
save configuration command. For additional information refer to the Verifying and Saving Your Configuration chapter.
Verifying the ACL Configuration in a Context
To verify the ACL configuration:
Verify that your ACL lists were applied properly by entering the following command in Exec Mode:
host_name
[local]
context_name is the name of the context to which the ACL(s) was/were applied.
The output of this command displays the configuration of the entire context. Examine the output for the commands
pertaining to interface configuration. The commands display the ACL(s) applied using this procedure.
ASR 5000 System Administration Guide, StarOS Release 21.1
238
• Outgoing packets to an external source.
• Incoming packets that fail flow match and are forwarded again. In this case, the context ACL
applies first and only if it passes are packets forwarded.
During forwarding, if an ACL rule is added with a destination address as a loopback address, the
context ACL is also applied. This is because StarOS handles packets destined to the kernel by
going through a forwarding lookup for them. To apply ACL rules to incoming packets, the interface
ACL must be used instead of the context ACL.
ACL(s) does not exceed the 128-rule limit for the interface.
This section provides the minimum instruction set for applying the ACL list to all traffic within a context.
For more information on commands that configure additional parameters and options, refer to the Context
Configuration Mode Commands chapter in the Command Line Interface Reference.
Applying the ACL to a Context, on page 237
show configuration context context_name
#
Verifying the ACL Configuration in a Context, on page
Access Control Lists
Advertisement
Table of Contents
Troubleshooting
