...
...
| borderColor | green |
|---|
| bgColor | transparent |
|---|
| borderWidth | 2 |
|---|
...
Back to Table of Contents
Back to All
Back to All - Address Context
Back to Address Context - Ip Access Control List
This object is used to configure the IP Access Control List rules.
To View Rule
...
Use the IP Access Control List - Rule window to configure your own IP Access Control List (ACL) rules within a specified address context. Use IP ACL rules to permit or deny packets into the SBC. These rules are applied to incoming packets in addition to the system-defined and default ACL rules. Refer to IP ACL Policing - Packet Filtering and Types of ACLs for more information on SBC access control lists and types of rules.
To View Rules
On the SBC main screen, navigate to All > Address Context >
...
IP Access Control List > Rule.
...
...
| Caption |
|---|
| 0 | Figure |
|---|
| 1 | All - Address Context - Ip Access Control List - Rule Main Field |
|---|
|
| |
Image Removed
The Rule window is displayed.
| Caption |
|---|
| 0 | Figure |
|---|
| 1 | All - Address Context - Ip Access Control List - Rule |
|---|
|
| |
Image Removed
To Edit Rule
...
window opens showing rules for all address contexts. Select an address context in the Address Context list to filter the list for a specific address context.
...
| IP Access Control List - Rule |
|
...
...
| Image Modified |
...
The Edit Selected Rule window is displayed below.
...
| 0 | Figure |
|---|
| 1 | All - Address Context - Ip Access Control List - Rule Edit Window |
|---|
...
Make the required changes and click Save at the right hand bottom of the panel to save the changes made.
...
a Rule
A new IP ACL rule must be created within a specific address context. To create a new
...
rule:
- Select an address context within the Address Context list. The New Rule option becomes available.
Click New Rule. The Create New Rule window opens. The figure below shows options for a hardware-based SBC. Note that the rule options are different for an SBC SWe Cloud D-SBC deployment as described in the table that follows
| Caption |
|---|
| 0 | Figure |
|---|
| 1 | All - Address Context - Ip Access Control List - Rule Fields |
|---|
|
| |
Image Removed
...
...
...
| Image Modified |
...
- Use the following table to configure the rule options and then click Save.
...
...
Specify a name for the ACL rule. | Precedence |
|
...
Specify the rule precedence |
|
...
to control which ACL rule is applied when multiple rules match. If an incoming packet matches |
|
...
multiple rules, the IP ACL rule with the highest precedence (lowest numeric value) is applied |
|
...
...
packet. Each IP ACL rule must |
|
...
include a precedence value and each precedence value must be unique. | Protocol |
|
...
Specify an IP protocol type |
|
...
to match. Choices are 0-255, or one of the following: - any – (default) filter all protocols
- icmp – filter ICMP only
- icmpv6 – filter ICMPv6 only
- ospf – filter OSPF only
- tcp – filter TCP only
- udp – filter UDP only
These protocols are typically associated with particular logical port values. | IP Interface
Group |
|
...
Select an IP interface group to |
|
...
...
a specific IP interface group. | IP Interface |
|
...
Select an IP interface to |
|
...
...
a specific IP interface. | Mgmt IP Interface Group |
|
...
Select a Management Interface Group to match a specific Management Interface Group. NOTE: The Mgmt IP Interface Group parameter is only available from the default Address Context, even if the default Address Context does not contain any other configurations. | Mgmt IP Interface |
|
...
Select a Management Interface to match a specific Management Interface. NOTE: The Mgmt IP Interface parameter is only available from the default Address Context, even if the default Address Context does not contain any other configurations. | Source IP Address |
|
...
Specify the source IP address to match. |
|
...
The default is 0.0.0.0. NOTE: If you configure a Source IP Address, then a |
|
Source Address Prefix Length must also be specified. | Source Address
Prefix Length |
|
...
...
for the source IP address prefix |
|
...
...
128, the default is 0. | Destination IP Address |
|
...
Specify the destination IP address |
|
...
...
. The default is 0.0.0.0. NOTE: If you configure a Destination IP Address, then a |
|
Destination Address Prefix Length must also be specified. | | Destination Address Prefix Length |
|
...
| Specify a length for the destination IP address prefix. The value ranges from 0 to 128 |
|
...
...
...
Specify a source port value. Must be 0 - 65535 or any, the default is any. | Destination
Port |
|
...
Specify a destination port value. Must be 0 - 65535 or any, the default is any. | Action |
|
...
...
...
a packet matches the rule. The options are: | Fill Rate |
|
...
Specify the number of packets to add to the bucket credit balance (in packets/second). If |
|
...
packets are received at a rate exceeding this fill rate, |
|
...
...
subject to the discard rate set in the IP Policing Alarm profile or in |
|
...
thePolicerAlarm monitoring this |
|
...
port. The bucket credit balance is always less than the configured bucket size regardless of the size of this increment. |
|
...
...
320000 or unlimited, the default is 50. | Bucket Size |
|
...
Specify the policing bucket size (in packets). |
|
...
This represents a credit balance that |
|
...
...
...
which allows for occasional traffic bursts. If a packet is received when the credit balance is less than the size of the packet, the packet is discarded |
|
...
subject to the discard rate set in the IP Policing Alarm profile or in |
|
...
thePolicerAlarm monitoring this |
|
...
...
...
255 or unlimited, the default is 50. | State |
|
...
Specify the administrative state |
|
...
...
...
...
| The following options appear when you create an ACL rule for a D-SBC SWe Cloud system. | | Dest Type IP Version | Specify the IP version type for the destination. The options are: | Destination IP Address | Specify the destination IP address (IPV4/IPV6) to match. | | Destination Address Prefix Length | Specify a length for the destination IP address prefix. The value ranges from 0 to 128. | | Dest IP Interface Group | Select an IP interface group to specify to match a specific IP interface group for the destination host address. | | Dest IP Interface | Select an IP interface to specify to match a specific IP interface for the destination host address. | | Dest Mgmt IP Interface Group | Select a Management Interface Group to match a specific Management Interface Group for the destination host address. | | Dest Mgmt IP Interface | Select a Management Interface to match a specific Management Interface for the destination host address. | | Dest SIP Sig Port Zone | Select the zone name of the SIP Signaling Port for the destination address. | | Dest SIP Sig Port Index | Specify the index number for the SIP Signaling Port for the destination address. |
|
To Edit a Rule
To edit the configuration of a custom ACL rule:
- Click the radio button next to the rule you want to edit. The Edit Selected Rule window opens.
- Modify the options as needed and click Save.
To Copy a Rule
To copy the configuration of a custom ACL rule and make changes to the copy:
- Click the radio button next to the rule you want to copy. The Copy Selected Rule window opens.
- Modify the options as needed and click Save.
To Delete a Rule
To delete the configuration of a custom ACL rule:
- Click the radio button next to the rule that you want to delete.
- Click the Delete (X) icon at the end of the row.
- Confirm the deletion when prompted.
To Copy Rule
To copy any of the created Rule and to make any minor changes, click the radio button next to the specific Rule to highlight the row.
| Caption |
|---|
| 0 | Figure |
|---|
| 1 | All - Address Context - Ip Access Control List - Rule Highlighted |
|---|
|
| |
Image Removed
Click Copy Rule tab on the Rule List panel.
| Caption |
|---|
| 0 | Figure |
|---|
| 1 | All - Address Context - Ip Access Control List - Rule Fields |
|---|
|
| |
Image Removed
The Copy Selected Rule window is displayed along with the field details which can be edited.
| Caption |
|---|
| 0 | Figure |
|---|
| 1 | All - Address Context - Ip Access Control List - Rule Copy Window |
|---|
|
| |
Image Removed
Make the required changes to the required fields and click Save to save the changes. The copied Rule is displayed at the bottom of the original Rule in the Rule List panel.
To Delete Rule
To delete any of the created Rule, click the radio button next to the specific Rule which you want to delete.
| Caption |
|---|
| 0 | Figure |
|---|
| 1 | All - Address Context - Ip Access Control List - Rule Highlighted |
|---|
|
| |
Image Removed
Click Delete at the end of the highlighted row. A delete confirmation message appears seeking your decision.
| Caption |
|---|
| 0 | Figure |
|---|
| 1 | All - Address Context - Ip Access Control List - Rule Delete Confirmation |
|---|
|
| |
Image Removed
Click Yes to remove the specific Rule from the list.
...