Perform this procedure to filter or drop
HTTPS traffic frames encapsulated in a version 1 GTP frame based on User Defined
Attribute (UDA) ACL policy and allow non-filtered traffic to an EGRESS port or
group.
Procedure
Configure the ingress group with
the required ingress ports.
Configure the ACL for filtering
GTP tunneled HTTPS messages.
Set ACL filtering in the
route-map.
Apply the route-map policy to
the ingress group.
Send GTP tunneled HTTPS and HTTP
traffic flows to the device under test.
The HTTPS traffic
tunneled in GTP is dropped based on ACL configured in the
route-map.
The non-filtered HTTP
traffic in GTP is forwarded to the egress port/egress group.
Verify the CLI statistics of
ingress group to determine the number of packets or flows received and
dropped.
Verify the CLI statistics of
egress port or egress group to determine the number of non-filtered packets or
flows forwarded.
Verify the CLI statistics of UDA
ACL matches the number of GTP tunneled HTTPS packets and flows that are
dropped.
Verify that the GTP tunneled
HTTPS packets matching the UDA ACL are not getting forwarded in egress groups
and GTP tunneled HTTP packets are received by validating or capturing the wired
PCAP collected in the analytical tools.
Verify the statistics by enabling the logs
of forwarding agents.
