About ACLs
Access Controls List (ACL) filter the type of traffic that is allowed or denied access to the network or portion of the network. ACLs act as packet filters based on the criteria defined in the access list. ACLs defined on the Sonus SBC 1000/2000 do not take effect until they are applied to a port.
- Access Lists can filter incoming or outgoing packets on an interface, thereby controlling access based on source addresses, destination addresses, source layer4 ports, destination layer4 ports and IP protocol.
- ACLs are composed of a sequence of rules and the order of the rules is important. If an incoming packet matches multiple rules, the first matching rule is applied.
- A port may have only one input ACL and one output ACL.
After an ACL is created, it is bound (or applied) to the following interface/ports:
On the Sonus SBC 2000:
- Ethernet ports for inbound and forwarded traffic.
- Logical interfaces for inbound/outbound/forwarded traffic.
- ASM ACLs are applied to inbound and forwarded traffic only, and they are bound on the ASM interface.
On the Sonus SBC 1000:
- ACLs are bound to logical interfaces only.
| Info |
|---|
| title | Important Things to Remember When Creating an ACL |
|---|
|
- Because the Sonus SBC 1000/2000 stops testing conditions after the first match, the order of the conditions is critical. The same permit or deny statements specified in a different order may result in a packet being passed under one circumstance and denied in another.
- Input-ACL process packets arriving at the Sonus SBC 1000/2000 before routing to an outbound interface. An inbound access list is efficient because it saves the overhead of routing look-ups if the packet is discarded because it is denied by the filtering tests.
- Output-ACLs process packets before they leave the Sonus SBC 1000/2000.
- Forward-ACLs process packets that are forwarded from one Sonus SBC 1000/2000 port to another.
|
| Info |
|---|
| title | SBC Support when ACL is applied |
|---|
|
- Pinholing and RTP-Pinholing is not supported in Sonus SBC 1000/2000.
- SBC 2000 support is as follows:
- ACL may be applied to an Ethernet port and it takes effect for all the VLANs on that port.
- ACL may be applied to a Logical Interface and it is equivalent to applying ACL to a VLAN (note that a VLAN may have many Ethernet ports as members).
- SBC 1000 support is as follows:
|
Working with Access Control List Tables
- In the WebUI, click the Settings tab.
In the left navigation pane, go to Protocols > IP > Access Control Lists.
| Panel |
|---|
|
| Caption |
|---|
| 0 | Figure |
|---|
| 1 | Access Control List Tables |
|---|
| 
|
|
To view an Access Control List's properties:
| Include Page |
|---|
| _View_Entry_Values |
|---|
| _View_Entry_Values |
|---|
| nopanel | true |
|---|
|
To modify an Access Control List:
| Include Page |
|---|
| _Modify_Table |
|---|
| _Modify_Table |
|---|
| nopanel | true |
|---|
|
To create an Access Control List table:
Click the Create ( ) icon.
| Panel |
|---|
|
| Caption |
|---|
| 0 | Figure |
|---|
| 1 | Create Access Control List Table |
|---|
| |
|
- Enter a descriptive name in the Description text field.
- Click OK.
| Include Page |
|---|
| _Delete_Entry_Procedure |
|---|
| _Delete_Entry_Procedure |
|---|
| nopanel | true |
|---|
|
| Note |
|---|
| icon | false |
|---|
| title | Restrictions on Deleting ACLs |
|---|
|
An ACL may not be deleted if it is bound to any port or logical interface. However, you may delete or modify a rule within a bound ACL. Any modification or deletion is effective immediately. |