Access Control Lists
Verifying the ACL Configuration on an Interface
This section describes how to verify the ACL configuration.
In the Exec Mode, enter the following command:
    [local]host_name# show configuration context context_name
context_name is the name of the context containing the interface to which the ACL(s) was/were applied.
The output of this command displays the configuration of the entire context. Examine the output for the commands
pertaining to interface configuration. The commands display the ACL(s) applied using this procedure.
    configure
       context context_name
          ip access-list acl_name
             deny host ip_address
             deny ip any host ip_address
             exit
          ip access-group access_group_name
          service-redundancy-protocol
          exit
          interface interface_name
             ip address ip_address/mask
             exit
          subscriber default
          exit
          aaa group default
          exit
          gtpp group default
          end
Applying the ACL to a Context
To apply the ACLs to a context, use the following configuration:
    configure
       context acl_ctxt_name [ -noconfirm ]
          { ip | ipv6 } access-group acl_list_name [ in | out ] [ preference ]
          end
Notes:
• The context name is the name of the ACL context containing the interface to which the ACL is to be applied.
• The context-level ACL is applied to outgoing packets. It is also applied to incoming packets if the flow match criteria fail and the packets are forwarded again.
The in and out keywords are deprecated and are only present for backward compatibility.
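The following Python code is an added example, not part of the Cisco guide. It automates the review of saved show configuration context output by cross-checking ACL definitions against access-group lines and flagging the deprecated in and out keywords. The function name audit_context_acls, the sample configuration, and the ipv6 access-list pattern are assumptions made for illustration; an ACL reported as not applied is a prompt for review, not necessarily an error.

```python
import re

# Constructed sample of "show configuration context" output, following the
# layout shown above; all names and addresses are made up for illustration.
SAMPLE = """\
configure
  context isp1
    ip access-list block-hosts
      deny host 192.0.2.10
      deny ip any host 192.0.2.20
    exit
    ip access-list unused-acl
      deny host 192.0.2.30
    exit
    ip access-group block-hosts
    ip access-group missing-acl in 10
    interface isp1-if
      ip address 198.51.100.1/24
    exit
  end
"""

# The ipv6 form of access-list is assumed by analogy with the
# { ip | ipv6 } access-group syntax given on the page.
ACL_DEF = re.compile(r"^(ip|ipv6) access-list (\S+)$")
# in/out and preference are optional; the page does not give the format of
# the preference value, so any single token is accepted.
ACL_USE = re.compile(r"^(ip|ipv6) access-group (\S+)(?: (in|out))?(?: (\S+))?$")

def audit_context_acls(config_text):
    """Cross-check ACL definitions against access-group applications."""
    defined, applied, deprecated = set(), set(), []
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := ACL_DEF.match(line):
            defined.add(m.group(2))
        elif m := ACL_USE.match(line):
            applied.add(m.group(2))
            if m.group(3):  # deprecated direction keyword present
                deprecated.append(line)
    return {
        "applied_but_undefined": sorted(applied - defined),
        "defined_but_not_applied": sorted(defined - applied),
        "deprecated_direction": deprecated,
    }

if __name__ == "__main__":
    for finding, items in audit_context_acls(SAMPLE).items():
        print(f"{finding}: {items}")
```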
Context ACL will be applied in the following cases:
ASR 5000 System Administration Guide, StarOS Release 21.1