This object is used to configure the IP Access Control List rules.

The IP Access Control List Rule can only be created on a Default Address Context.

To View Rule

On the SBC main screen, go to Configuration > System Provisioning > Security Configuration > Ip Access Control List > Rule.

The Rule window displays.


To Edit a Rule

To edit any of the Rules in the list, click the radio button next to the specific Rule name.

 

For field descriptions, see Rule Parameters.


Make the required changes and click Save at the bottom right of the panel to save the changes.

To Create a Rule

To create a new Rule, click the New Rule tab on the Rule List panel.

 

The Create New Rule window is displayed.

Rule Parameters

Parameter

Description

Name

The name of this access control list rule.

Precedence

Use this parameter to specify the rule precedence to control which ACL rule is applied when multiple rules match a given packet. If an incoming packet matches multiple rules, the IP ACL rule with the highest precedence (lowest numerical precedence value) is applied to that packet.

Each IP ACL rule must use a unique precedence value.

Protocol

Enter the IP protocol type to use as a criterion of the IP input match. Choices are 0-255, or one of the following:

  • any – (default) filter all protocols
  • icmp – filter ICMP only
  • icmpv6 – filter ICMPv6 only
  • ospf – filter OSPF only
  • tcp – filter TCP only
  • udp – filter UDP only 

These protocols are typically associated with particular logical port values.

IP Interface Group

The name of an IP interface group to match or "any" to match any IP interface group.

IP Interface

The name of an IP interface to match, or "any" to match any IP interface.

Mgmt IP Interface Group

The name of a Management Interface Group.

NOTE: The Mgmt IP Interface Group parameter is only available from the Default Address Context, even if the Default Address Context does not contain any other configurations.

Mgmt IP Interface

The name of a Management IP Interface.

NOTE: The Mgmt IP Interface parameter is only available from the Default Address Context, even if the Default Address Context does not contain any other configurations.

Source IP Address

The source IP address to match.

When configuring a Source IP Address, you must also specify the Source Address Prefix Length.

Source Address Prefix Length

The length of the source IP address prefix which must match the protocol.

Range: 0 - 32, default is 0

Destination IP Address

The destination IP address (IPv4/IPv6) prefix to match.

When configuring a Destination IP Address, you must also specify the Destination Address Prefix Length.

Destination Address Prefix Length

Specify the length of the destination IP address prefix.

Range: 0 to 128, default is 0.

Source Port

The IP port value. Must be 0 - 65535, default is any.

Destination Port

The IP port value. Must be 0 - 65535, default is any.

Action

The action to be taken when the IP access control list rule matches.

  • Accept
  • Discard
  • Unconditional Deny

Fill Rate

The number of packets to add to the bucket credit balance (in packets/second). If a packet is received at a rate exceeding this fill rate, it is discarded, subject to the discard rate set in the IP Policing Alarm profile or in the Policer Alarm monitoring this Media Port. The bucket credit balance is always less than the configured bucket size regardless of the size of this increment.

Range: 1 - 10000, default is 50

Bucket Size

The policing bucket size (in packets). It represents a credit balance that should be consumed before the packets are discarded. The consumed credits reside in the bucket and are reduced for every packet received on the Network Interface (NI). If a packet is received when the credit balance is less than the size of the packet, the packet is discarded, subject to the discard rate set in the IP Policing Alarm profile or in the Policer Alarm monitoring this Media Port. (Default is 'unlimited', which allows continuous policing.)

Range: 1 - 255, default is 50

State

Specifies the administrative state of the ACL rule.

  • Enabled
  • Disabled (default)

Vm App Name

Specify the name of the Virtual Machine application used.

Aggregate Policer

Specify the name of the aggregate policer with which this rule is associated.
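
How Precedence, Fill Rate and Bucket Size interact, as an added Python example (not Ribbon's code and not part of the original page). It is a simplified model: field names are illustrative, the sample rules are constructed, and it assumes policing applies to packets matching an Accept rule, that each packet costs one credit, and that the bucket starts full.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Rule:                          # simplified model; field names are illustrative
    name: str
    precedence: int                  # lower number = higher precedence
    action: str                      # "accept" or "discard"
    protocol: str = "any"
    src: str = "0.0.0.0/0"           # Source IP Address / Source Address Prefix Length
    dst_port: Optional[int] = None   # None means "any"
    fill_rate: int = 50              # credits added per second (packets/second)
    bucket_size: int = 50            # maximum credit balance (packets)
    credits: float = field(init=False, default=0.0)
    last: float = field(init=False, default=0.0)
    def __post_init__(self):
        self.credits = float(self.bucket_size)   # assumption: bucket starts full
    def matches(self, pkt):
        return (self.protocol in ("any", pkt["proto"])
                and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and self.dst_port in (None, pkt["dport"]))
    def police(self, now):           # refill at fill_rate, capped at bucket_size
        self.credits = min(self.bucket_size, self.credits + (now - self.last) * self.fill_rate)
        self.last = now
        if self.credits < 1:         # assumption: one credit per packet
            return False
        self.credits -= 1
        return True

def build_acl(rules):                # enforce unique precedence, highest precedence first
    precs = [r.precedence for r in rules]
    dupes = {p for p in precs if precs.count(p) > 1}
    if dupes:
        raise ValueError(f"duplicate precedence values: {sorted(dupes)}")
    return sorted(rules, key=lambda r: r.precedence)

def evaluate(acl, pkt, now):         # first match in precedence order decides
    for rule in acl:
        if rule.matches(pkt):
            policed = rule.action == "accept" and not rule.police(now)
            return rule.name, "policed-discard" if policed else rule.action
    return None, "no-match"          # no-match behaviour is not stated on the page

def sample_acl():                    # constructed rules using documentation address ranges
    return build_acl([Rule("sip-any", 20, "discard", "udp", dst_port=5060),
                      Rule("sip-trusted", 10, "accept", "udp", "192.0.2.0/24", 5060,
                           fill_rate=2, bucket_size=3)])
```

A UDP/5060 packet from 192.0.2.10 matches both sample rules, and the rule with precedence 10 decides; a burst beyond three packets is discarded until the bucket refills at two credits per second.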

To Copy a Rule

To copy any of the created Rules and make minor changes, click the radio button next to the specific Rule to highlight the row.

Click the Copy Rule tab on the Rule List panel.


 

The Copy Selected Rule window is displayed along with the field details which can be edited.

Make the required changes to the required fields and click Save to save the changes. The copied Rule is displayed at the bottom of the original Rule in the Rule List panel.

To Delete a Rule

To delete any of the created Rules, click the radio button next to the specific Rule which you want to delete.

Click Delete at the end of the highlighted row. A delete confirmation message appears seeking your decision.

Click Yes to remove the specific Rule from the list.
