CSCF ACL Configuration Mode Commands

The CSCF ACL (Access Control List) Configuration Mode is used to configure session permissions (permit/deny access) within the system.

IMPORTANT:

The commands or keywords/variables that are available are dependent on platform type, product version, and installed license(s).

after

Places the CSCF ACL entry at the bottom or end of the ACL. Use this command in conjunction with the permit and/or deny commands.

Platform:

ASR 5000

Product:

SCM


Privilege:

Administrator


Syntax 
after

Usage:

Add this command before the permit and/or deny commands to place the entry at the end of the ACL.

before

Places the CSCF ACL entry at the beginning or top of the ACL. Use this command in conjunction with the permit and/or deny commands.

Platform:

ASR 5000

Product:

SCM


Privilege:

Administrator


Syntax 
before

Usage:

Add this command before the permit and/or deny commands to place the entry at the beginning of the ACL.

deny

Configures the system to deny subscriber sessions based on criteria matching the received packet.

Platform:

ASR 5000

Product:

SCM


Privilege:

Administrator


Syntax 
deny { any | destination
aor aor | log { any | destination
aor aor | source { address ip_address | aor aor } } | source { address ip_address | aor aor } } +no deny { any | destination
aor aor | source { address ip_address | aor aor } }
any

Filters all CSCF sessions.

destination aor aor

Filters sessions based on the destination AoR. aor must be an existing AoR from 1 to 79 characters in length.

IMPORTANT:

AoR regular expressions are supported. Refer to the SCM Engineering Rules Appendix in the Session Control Manager Administration Guide for more information about regular expressions.

log { any | destination aor aor | source { address ip_address | aor aor } }

Enables logging for CSCF sessions meeting the criteria specified in the ACL. The logs can be viewed by executing the logging filter active facility acl-log command in the Exec mode.

Specifies the criteria that packets will be compared against. The following criteria are supported:
  • any
  • destination aor aor
  • source address ip_address
  • source aor aor
source { address ip_address | aor aor }
Filters session based on the source IP address or AoR.
  • ip_address must be expressed in dotted decimal notation for IPv4 or colon notation for IPv6.
  • aor must be an existing AoR from 1 to 79 characters in length.

IMPORTANT:

AoR regular expressions are supported. Refer to the SCM Engineering Rules Appendix in the Cisco ASR 5000 Series Session Control Manager Administration Guide for more information about regular expressions.

+

This symbol indicates that the keywords can be entered multiple times within a single command.

no deny { any | destination aor aor | source { address ip_address | aor aor } }

Removes specified filter criteria.


Usage:

Specifies the subscriber sessions to deny based on the criteria specified.


Example:
The following command denies access to subscribers with a source address of 1.2.3.4:
deny source address 1.2.3.4
end

Exits the current mode and returns to the Exec Mode.

Product:

All


Privilege:

Administrator


Syntax 
end

Usage:

Change the mode back to the Exec mode.

exit

Exits the current mode and returns to the previous mode.

Product:

All


Privilege:

Administrator


Syntax 
exit

Usage:

Return to the previous mode.

permit

Configures the system to allow subscriber sessions based on criteria matching the received packet.

Platform:

ASR 5000

Product:

SCM


Privilege:

Administrator


Syntax 
permit { any | destination
aor aor | log { any | destination
aor aor | source { address ip_address | aor aor }  } | source { address ip_address | aor aor } } +no permit { any | destination
aor aor | source { address ip_address | aor aor } }
any

Filters all CSCF sessions.

destination aor aor

Filters sessions based on the destination AoR.

aor must be an existing AoR from 1 to 79 characters in length.

IMPORTANT:

AoR regular expressions are supported. Refer to the SCM Engineering Rules Appendix in the Cisco ASR 5000 Series Session Control Manager Administration Guide for more information about regular expressions.

log { any | destination aor aor | source { address ip_address | aor aor } }

Enables logging for CSCF sessions meeting the criteria specified in the ACL. The logs can be viewed by executing the logging filter active facility acl-log command in the Exec mode.

Specifies the criteria that packets will be compared against. The following criteria are supported:
  • any
  • destination aor aor
  • source address ip_address
  • source aor aor
source { address ip_address | aor aor }
Filters session based on the source IP address or AoR.
  • ip_address must be expressed in dotted decimal notation for IPv4 or colon notation for IPv6.
  • aor must be an existing AoR from 1 to 79 characters in length.

IMPORTANT:

AoR regular expressions are supported. Refer to the SCM Engineering Rules Appendix in the Session Control Manager Administration Guide for more information about regular expressions.

+

This symbol indicates that the keywords can be entered multiple times within a single command.

no permit { any | destination aor aor | source { address ip_address | aor aor } }

Removes specified filter criteria.


Usage:

Specifies the subscriber sessions to permit based on the criteria specified.


Example:
The following command permits access to subscribers with a destination AoR of $.@abc123.com:
permit destination aor $.@abc123.com