CSCF ACL Configuration Mode Commands

CSCF ACL Configuration Mode Commands
 
The CSCF ACL (Access Control List) Configuration Mode is used to configure session permissions (permit/deny access) within the system.
note_smallImportant: The commands or keywords/variables that are available are dependent on platform type, product version, and installed license(s).
after
Places the CSCF ACL entry at the bottom or end of the ACL. Use this command in conjunction with the permit and/or deny commands.
Product
SCM
Privilege
Administrator
Syntax
after
Usage
Add this command before the permit and/or deny commands to place the entry at the end of the ACL.
before
Places the CSCF ACL entry at the beginning or top of the ACL. Use this command in conjunction with the permit and/or deny commands.
Product
SCM
Privilege
Administrator
Syntax
before
Usage
Add this command before the permit and/or deny commands to place the entry at the beginning of the ACL.
deny
Configures the system to deny subscriber sessions based on criteria matching the received packet.
Product
SCM
Privilege
Administrator
Syntax
deny { any | destination aor aor | log { any | destination aor aor | source { address ip_address | aor aor } | subscriber-capability capability_type | user-agent device-type device_type } | source { address ip_address | aor aor } | subscriber-capability capability_type | user-agent device-type device_type } +
no deny { any | destination aor aor | source { address ip_address | aor aor } | subscriber-capability capability_type }
any
Filters all CSCF sessions.
destination aor aor
Filters sessions based on the destination AoR. aor must be an existing AoR from 1 to 79 characters in length.
note_smallImportant: AoR regular expressions are supported. Refer to the SCM Engineering Rules Appendix in the Session Control Manager Administration Guide for more information about regular expressions.
log { any | destination aor aor | source { address ip_address | aor aor } | subscriber-capability { capability_type } | user-agent device-type device_type }
Enables logging for CSCF sessions meeting the criteria specified in the ACL. The logs can be viewed by executing the logging filter active facility acl-log command in the Exec mode.
Specifies the criteria that packets will be compared against. The following criteria are supported:
any
destination aor aor
source address ip_address
source aor aor
subscriber-capability capability_type
user-agent device-type device_type
source { address ip_address | aor aor }
Filters session based on the source IP address or AoR.
ip_address must be expressed in dotted decimal notation for IPv4 or colon notation for IPv6.
aor must be an existing AoR from 1 to 79 characters in length.
note_smallImportant: AoR regular expressions are supported. Refer to the SCM Engineering Rules Appendix in the Cisco ASR 5000 Series Session Control Manager Administration Guide for more information about regular expressions.
subscriber-capability { capability_type }
Filters session based on one of the following subscriber capability types:
at - Custom AT Type
audio - Audio Capability Type
chat - Custom CHAT Type
cs - Custom CS Type
ft - Custom FT Type
im - Custom IM Type
mms - Custom MMS Type
msg - Custom MSG Type
oma-sip-im - Custom OMA SIP-IM Type
rcs-dp - Custom RCS-DP Type
rcs-e - Custom RCS-E Type
rcs-ft - Custom RCS-FT Type
rcs-im - Custom RCS-IM Type
rcs-is - Custom RCS-IS Type
rcs-sp - Custom RCS-SP Type
rcs-vs - Custom RCS-VS Type
text - Text Capability Type
video - Video Capability Type
vt - Custom VT Type
vt-ft - Custom VT-FT Type
vt-is - Custom VT -IS Type
vt-loc - Custom VT-LOC Type
vt-memo - Custom VT-MEMO Type
user-agent device-type device_type
Filters session based on device-type in user-agent header.
device_type must be from 1 to 15 characters in length. The following user agent device types are supported.
feature_phone
smart_phone
pad
tablet_pc
pc
soft_phone
modem
+
This symbol indicates that the keywords can be entered multiple times within a single command.
no deny { any | destination aor aor | source { address ip_address | aor aor } | subscriber-capability { capability_type } }
Removes specified filter criteria.
Usage
Specifies the subscriber sessions to deny based on the criteria specified.
Example
The following command denies access to subscribers with a source address of 1.2.3.4:
deny source address 1.2.3.4
end
Exits the current mode and returns to the Exec Mode.
Product
All
Privilege
Administrator
Syntax
end
Usage
Change the mode back to the Exec mode.
exit
Exits the current mode and returns to the previous mode.
Product
All
Privilege
Administrator
Syntax
exit
Usage
Return to the previous mode.
permit
Configures the system to allow subscriber sessions based on criteria matching the received packet.
Product
SCM
Privilege
Administrator
Syntax
permit { any | destination aor aor | log { any | destination aor aor | source { address ip_address | aor aor } | subscriber-capability capability_type | user-agent device-type device_type } | source { address ip_address | aor aor } | subscriber-capability capability_type | user-agent device-type device_type } +
no permit { any | destination aor aor | source { address ip_address | aor aor } | subscriber-capability capability_type }
any
Filters all CSCF sessions.
destination aor aor
Filters sessions based on the destination AoR.
aor must be an existing AoR from 1 to 79 characters in length.
note_smallImportant: AoR regular expressions are supported. Refer to the SCM Engineering Rules Appendix in the Cisco ASR 5000 Series Session Control Manager Administration Guide for more information about regular expressions.
log { any | destination aor aor | source { address ip_address | aor aor } | subscriber-capability { capability_type } | user-agent device-type device_type }
Enables logging for CSCF sessions meeting the criteria specified in the ACL. The logs can be viewed by executing the logging filter active facility acl-log command in the Exec mode.
Specifies the criteria that packets will be compared against. The following criteria are supported:
any
destination aor aor
source address ip_address
source aor aor
subscriber-capability capability_type
user-agent device-type device_type
source { address ip_address | aor aor }
Filters session based on the source IP address or AoR.
ip_address must be expressed in dotted decimal notation for IPv4 or colon notation for IPv6.
aor must be an existing AoR from 1 to 79 characters in length.
note_smallImportant: AoR regular expressions are supported. Refer to the SCM Engineering Rules Appendix in the Session Control Manager Administration Guide for more information about regular expressions.
subscriber-capability { capability_type }
Filters session based on one of the following subscriber capability types:
at - Custom AT Type
audio - Audio Capability Type
chat - Custom CHAT Type
cs - Custom CS Type
ft - Custom FT Type
im - Custom IM Type
mms - Custom MMS Type
msg - Custom MSG Type
oma-sip-im - Custom OMA SIP-IM Type
rcs-dp - Custom RCS-DP Type
rcs-e - Custom RCS-E Type
rcs-ft - Custom RCS-FT Type
rcs-im - Custom RCS-IM Type
rcs-is - Custom RCS-IS Type
rcs-sp - Custom RCS-SP Type
rcs-vs - Custom RCS-VS Type
text - Text Capability Type
video - Video Capability Type
vt - Custom VT Type
vt-ft - Custom VT-FT Type
vt-is - Custom VT -IS Type
vt-loc - Custom VT-LOC Type
vt-memo - Custom VT-MEMO Type
user-agent device-type device_type
Filters session based on device-type in user-agent header.
device_type must be from 1 to 15 characters in length. The following user agent device types are supported.
feature_phone
smart_phone
pad
tablet_pc
pc
soft_phone
modem
+
This symbol indicates that the keywords can be entered multiple times within a single command.
no permit { any | destination aor aor | source { address ip_address | aor aor } | subscriber-capability { capability_type } }
Removes specified filter criteria.
Usage
Specifies the subscriber sessions to permit based on the criteria specified.
Example
The following command permits access to subscribers with a destination AoR of $.@abc123.com:
permit destination aor $.@abc123.com
redirect
Configures the system to redirect subscriber sessions to another CSCF based on criteria matching the received packet.
Product
SCM
Privilege
Administrator
Syntax
redirect { address ip_address | host host_name } [ port port_number ] { any | destination aor aor | log { any | destination aor aor | source { address ip_address | aor aor } | subscriber-capability capability_type | user-agent device-type device_type } | source { address ip_address | aor aor } | subscriber-capability capability_type | user-agent device-type device_type } +
no redirect { address ip_address | host host_name } [ port port_number ] { any | destination aor aor | source { address ip_address | aor aor } | subscriber-capability capability_type }
address ip_address
The address to which UE should be redirected.
ip_address must be expressed in dotted decimal notation for IPv4 or colon notation for IPv6.
host host_name
The host to which UE should be redirected.
host_name must be an existing name from 1 to 79 characters in length.
port port_number
The port at which request should be redirected.
port_number must be an integer from 1 to 65535.
any
Redirect UE to address/host.
destination aor aor
Redirect UE to address/host if destination AoR matches.
aor must be an existing AoR from 1 to 79 characters in length.
note_smallImportant: AoR regular expressions are supported. Refer to the SCM Engineering Rules Appendix in the Session Control Manager Administration Guide for more information about regular expressions.
log { any | destination aor aor | source { address ip_address | aor aor } | subscriber-capability { capability_type } | user-agent device-type device_type }
Enables logging for redirect ed UE meeting the criteria specified in the ACL. The logs can be viewed by executing the logging filter active facility acl-log command in the Exec mode.
Specifies the criteria that packets will be compared against. The following criteria are supported:
any
destination aor aor
source address ip_address
source aor aor
subscriber-capability capability_type
user-agent device-type device_type
source { address ip_address | aor aor }
Redirect UE to address/host if source IP address or AoR matches.
ip_address must be expressed in dotted decimal notation for IPv4 or colon notation for IPv6.
aor must be an existing AoR from 1 to 79 characters in length.
note_smallImportant: AoR regular expressions are supported. Refer to the SCM Engineering Rules Appendix in the Session Control Manager Administration Guide for more information about regular expressions.
subscriber-capability { capability_type }
Redirect UE to address/host if contact has one of the following subscriber capability types:
at - custom AT type
audio - audio capability type
chat - custom CHAT type
cs - custom CS type
ft - custom FT type
im - custom IM type
mms - custom MMS type
msg - Custom MSG Type
oma-sip-im - Custom OMA SIP-IM Type
rcs-dp - Custom RCS-DP Type
rcs-e - Custom RCS-E Type
rcs-ft - Custom RCS-FT Type
rcs-im - Custom RCS-IM Type
rcs-is - Custom RCS-IS Type
rcs-sp - Custom RCS-SP Type
rcs-vs - Custom RCS-VS Type
text - Text Capability Type
video - Video Capability Type
vt - Custom VT Type
vt-ft - Custom VT-FT Type
vt-is - Custom VT -IS Type
vt-loc - Custom VT-LOC Type
vt-memo - Custom VT-MEMO Type
user-agent device-type device_type
Redirect UE to address/host according to device-type in user-agent header.
device_type must be from 1 to 15 characters in length. The following user agent device types are supported.
feature_phone
smart_phone
pad
tablet_pc
pc
soft_phone
modem
+
This symbol indicates that the keywords can be entered multiple times within a single command.
no redirect { address ip_address | host host_name } [ port port_number ] { any | destination aor aor | source { address ip_address | aor aor } | subscriber-capability { capability_type } }
Removes specified redirect location and filter criteria.
Usage
Specifies the subscriber sessions to redirect based on the criteria specified.
Example
The following command redirects subscribers with a destination AoR of $.@abc123.com to host scscf.com:
redirect host scscf.com destination aor $.@abc123.com
 
 
Cisco Systems Inc.
Tel: 408-526-4000
Fax: 408-527-0883