Filter GTP-Tunneled HTTP Messages

About this task

Perform this procedure to filter or drop HTTPS traffic frames encapsulated in a version 1 GTP frame based on User Defined Attribute (UDA) ACL policy and allow non-filtered traffic to an EGRESS port or group.

Procedure

  1. Configure the ingress group with the required ingress ports.
  2. Configure the ACL for filtering GTP tunneled HTTPS messages.
  3. Set ACL filtering in the route-map.
  4. Apply the route-map policy to the ingress group.
  5. Send GTP tunneled HTTPS and HTTP traffic flows to the device under test.
    • The HTTPS traffic tunneled in GTP is dropped based on ACL configured in the route-map.
    • The non-filtered HTTP traffic in GTP is forwarded to the egress port/egress group.
  6. Verify the CLI statistics of ingress group to determine the number of packets or flows received and dropped.
  7. Verify the CLI statistics of egress port or egress group to determine the number of non-filtered packets or flows forwarded.
  8. Verify the CLI statistics of UDA ACL matches the number of GTP tunneled HTTPS packets and flows that are dropped.
  9. Verify that the GTP tunneled HTTPS packets matching the UDA ACL are not getting forwarded in egress groups and GTP tunneled HTTP packets are received by validating or capturing the wired PCAP collected in the analytical tools.
  10. Verify the statistics by enabling the logs of forwarding agents.