Actions

ACLs specify that one of the following actions can be taken on a packet that matches the specified criteria:

  • Permit: The packet is accepted and processed for classification and policy enforcement.

  • Deny: The packet is rejected.

  • Redirect CSS: The behaviour is the same as Permit action.

NOTES:

  • In UPF, it's recommended to use Permit option instead of Redirect CSS. Functionally, both the options are equivalent in UPF. Support for Redirect CSS option is only for backward compatibility and should be used only in such scenarios.

  • Configured ACLs consisting of no rules imply a "deny any" rule. This is the default behavior for an empty ACL.

  • In UPF, if ACLs aren't associated with an APN, then call is up. By default, traffic is processed for classification and policy enforcement. For non-UPF architecture, call fails as Redirect CSS is mandatory.

  • If only Deny option is given in the ACL for certain traffic, then to pass the rest of the traffic, Permit option must be given explicitly.

  • If only permit option is given in the ACL for certain traffic, then to pass the rest of the traffic, permit must be given explicitly for that traffic.

  • Router Advertisement/Router Solicitation (RA/RS) packets are candidate for ACL. So, take caution in putting the IPv6 ACL.

  • Configuration change in ACL is applied for a new call and not on the existing call.