Rule Order
Rule Order
A single ACL can consist of multiple rules. Each packet is compared against each of the ACL rules, in the
order in which they were entered, until a match is found. Once a match is identified, all subsequent rules are
ignored.
Additional rules can be added to an existing ACL and properly ordered using either of the following options:
• Before
• After
Using these placement options requires the specification of an existing rule in the ACL and the configuration
of the new rule as demonstrated by the following flow:
[ before | after ] { existing_rule }
Configuring ACLs on the System
This section describes how to configure ACLs.
Important
To configure the system to provide an access control list facility to subscribers:
Step 1
Create the access control list by following the example configuration in
Step 2
Specify the rules and criteria for action in the ACL list by following the example configuration in
and Criteria for Subscriber Traffic, on page 187
Step 3
Optional. The system provides an "undefined" ACL that acts as a default filter for all packets into the context. The default
action is to "permit all". Modify the default configuration for "unidentified" ACLs for by following the example
configuration in
Step 4
Verify your ACL configuration by following the steps in
Step 5
Save your configuration to flash memory, an external memory device, and/or a network location using the Exec mode
save configuration command. For additional information refer to the Verifying and Saving Your Configuration chapter.
Creating ACLs
To create an ACL, enter the following command sequence from the Exec mode of the system CLI:
configure
context acl_ctxt_name [ -noconfirm ]
ASR 5500 System Administration Guide, StarOS Release 21.5
186
This section provides the minimum instruction set for configuring access control list on the system. For
more information on commands that configure additional parameters and options, refer to the ACL
Configuration Mode Commands and IPv6 ACL Configuration Mode Commands chapters in the Command
Line Interface Reference.
Configuring an Undefined ACL, on page 187
Creating ACLs, on page 186
Verifying the ACL Configuration, on page 188
Access Control Lists
Configuring Action