Access Control List And Access Control List-Based Forwarding; Configuring Access-Control Lists - Cisco ASR 9000 Series Configuration Manual

Aggregation services router broadband network gateway

Configuring Subscriber Features
Enabling Excessive Punt Flow Trap Processing: Examples
This is an example for enabling the Excessive Punt Flow Trap for subscriber interfaces, using the default
penalty timeout (15 minutes) and setting a penalty rate of 20 pps for PPP and PPPoE protocols.
configure
lpts punt excessive-flow-trap subscriber-interfaces
lpts punt excessive-flow-trap penalty-rate ppp 20
lpts punt excessive-flow-trap penalty-rate pppoe 20
end
!!
This is an example for enabling the Excessive Punt Flow Trap for non-subscriber interfaces, using the default
penalty rate (10 pps) and setting the ARP penalty timeout to 2 minutes.
configure
lpts punt excessive-flow-trap non-subscriber-interfaces
lpts punt excessive-flow-trap penalty-timeout arp 2
end
!!

Access Control List and Access Control List-based Forwarding

An Access Control List (ACL) is used to define access rights for a subscriber. It is also used for filtering
content, blocking access to various network resources, and so on.
Certain service providers need to route certain traffic through specific paths, instead of using the
path computed by routing protocols. For example, a service provider may require that voice traffic traverse
certain expensive routes, while data traffic uses the regular routing path. This is achieved by specifying
the next-hop address in the ACL configuration, which is then used for forwarding the packet towards its destination.
This feature of using an ACL for packet forwarding is called ACL-based Forwarding (ABF).
The ACL is defined through CLI or XML; however, it can be applied to a subscriber session either through
a dynamic-template, or through VSAs from RADIUS. Deploying ABF (using ACL) involves these stages:
• Defining an ACL, see Configuring Access-Control Lists.
• Applying the ACL to an access-interface, see Activating ACL.

Configuring Access-Control Lists

Perform this task to create an access control list. As an example, this access list is created to deploy ABF;
therefore, it defines the next hop address.
SUMMARY STEPS
1. configure
2. {ipv4 | ipv6} access-list access-list-name
3. sequence-number permit tcp any any
4. sequence-number permit {ipv4 | ipv6} host source_address nexthop source_address destination_address
5. Use the commit or end command.
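The following pre-commit check is an added example, not part of the Cisco guide. It parses a draft ACL written in the form of the summary steps above and flags duplicate sequence numbers and nexthop (ABF) entries that an earlier, broader entry would match first. It assumes entries are evaluated in sequence-number order with the first match winning, and it understands only the `any` and `host` source forms; the ACL name and addresses are constructed.

```python
import re

# Constructed sample in the form of the summary steps (documentation addresses).
SAMPLE_ACL = """\
ipv4 access-list abf-example
 10 permit tcp any any
 20 permit ipv4 host 192.0.2.10 nexthop 198.51.100.1 198.51.100.2
 20 permit udp any any
"""

ACE = re.compile(r"^\s*(\d+)\s+(permit|deny)\s+(\S+)\s+(.*)$")
GENERIC = ("ipv4", "ipv6")  # protocol keywords that match every IP protocol

def parse_aces(text):
    """Return ACEs sorted by sequence number: seq, action, proto, src, nexthops."""
    aces = []
    for line in text.splitlines():
        m = ACE.match(line)
        if not m:
            continue  # access-list header, '!' separators, blank lines
        seq, action, proto, rest = m.groups()
        match_part, _, hops = rest.partition("nexthop")
        tok = match_part.split()
        src = tok[1] if tok[:1] == ["host"] and len(tok) > 1 else (tok[0] if tok else "any")
        aces.append({"seq": int(seq), "action": action, "proto": proto,
                     "src": src, "nexthops": hops.split()})
    return sorted(aces, key=lambda a: a["seq"])  # stable: duplicates keep input order

def audit(text):
    """Flag duplicate sequence numbers and ABF entries shadowed by an earlier entry."""
    findings, seen = [], set()
    aces = parse_aces(text)
    for i, ace in enumerate(aces):
        if ace["seq"] in seen:
            findings.append(("duplicate-seq", ace["seq"], None))
        seen.add(ace["seq"])
        if not ace["nexthops"]:
            continue  # only ABF entries are checked for shadowing
        for prev in aces[:i]:
            same_src = prev["src"] in ("any", ace["src"])
            overlap = (ace["proto"] in GENERIC or prev["proto"] in GENERIC
                       or prev["proto"] == ace["proto"])
            if same_src and overlap and prev["seq"] < ace["seq"]:
                findings.append(("abf-shadowed", ace["seq"], prev["seq"]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_ACL):
        print(finding)
```

In the sample, TCP traffic from the host matches entry 10 first and stays on the regular routing path, so the nexthop entry at 20 only steers that host's non-TCP traffic; placing the nexthop entry at a lower sequence number clears the finding.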
Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 4.3.x (OL-28375-03)
