Configuring ACL

To apply the ACL to individual subscriber through APN, use the following configuration:
configure 
   context dest_context_name [ -noconfirm ] 
      { ip | ipv6 } access-list acl_list_name  
         { permit | deny | redirect }acl 
         end  
configure 
   apn apn_name 
      { ip | ipv6 } access-group acl_list_name [ in | out ] 
      end 

Notes:

  • The ACL to be applied must be in the destination context of the APN (which can be different from the context where the APN is configured).

  • If neither the in nor the out keyword is specified, the ACL will be applied to all inbound and outbound packets.

  • Four access-groups can be applied for each APN, for example:

    ip access-group acl_list_name_1 in

    ip access-group acl_list_name_2 out

    ipv6 access-group acl_list_name_3 in

    ipv6 access-group acl_list_name_4 out