Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

About ACLs

Access Controls List (ACL) filter the type of traffic that is allowed or denied access to the network or portion of the network. ACLs act as packet filters based on the criteria defined in the access list. ACLs defined on the Sonus SBC 1000/2000 do not take effect until they are applied to a port.

  • Access Lists can filter incoming or outgoing packets on an interface, thereby controlling access based on source addresses, destination addresses, source layer4 ports, destination layer4 ports and IP protocol.
  • ACLs are composed of a sequence of rules and the order of the rules is important. If an incoming packet matches multiple rules, the first matching rule is applied.
  • A port may have only one input ACL and one output ACL.

After an ACL is created, it is bound (or applied) to the following interface/ports:

On the Sonus SBC 2000:

  • Ethernet ports for inbound and forwarded traffic.
  • Logical interfaces for inbound/outbound/forwarded traffic.
  • ASM ACLs are applied to inbound and forwarded traffic only, and they are bound on the ASM interface.

On the Sonus SBC 1000:

  • ACLs are bound to logical interfaces only.
Info
titleImportant Things to Remember When Creating an ACL
  • Because the Sonus SBC 1000/2000 stops testing conditions after the first match, the order of the conditions is critical. The same permit or deny statements specified in a different order may result in a packet being passed under one circumstance and denied in another.
  • Input-ACL process packets arriving at the Sonus SBC 1000/2000 before routing to an outbound interface. An inbound access list is efficient because it saves the overhead of routing look-ups if the packet is discarded because it is denied by the filtering tests.
  • Output-ACLs process packets before they leave the Sonus SBC 1000/2000.
  • Forward-ACLs process packets that are forwarded from one Sonus SBC 1000/2000 port to another.
Info
titleSBC Support when ACL is applied
  • Pinholing and RTP-Pinholing is not supported in Sonus SBC 1000/2000.
  • SBC 2000 support is as follows: 
    •  ACL may be applied to an Ethernet port and it takes effect for all the VLANs on that port.
    • ACL may be applied to a Logical Interface and it is equivalent to applying ACL to a VLAN (note that a VLAN may have many Ethernet ports as members). 
  • SBC 1000 support is as follows:
    • ACLs cannot be applied to Ethernet ports. 

    • ACL may be applied to a Logical Interface and it is equivalent to applying ACL to a VLAN (note that a VLAN may have many Ethernet ports as members).

Working with Access Control List Tables

  1. In the WebUI, click the Settings tab.
  2. In the left navigation pane, go to Protocols > IP > Access Control Lists.

    Panel
    borderStylenone

    Caption
    0Figure
    1Access Control List Tables

     

To view an Access Control List's properties:

Include Page
_View_Entry_Values
_View_Entry_Values
nopaneltrue

To modify an Access Control List:

Include Page
_Modify_Table
_Modify_Table
nopaneltrue

To create an Access Control List table:

  1. Click the Create ( ) icon.

    Panel
    borderStylenone

    Caption
    0Figure
    1Create Access Control List Table

     

  2. Enter a descriptive name in the Description text field.
  3. Click OK.

Include Page
_Delete_Entry_Procedure
_Delete_Entry_Procedure
nopaneltrue

Note
iconfalse
titleRestrictions on Deleting ACLs

An ACL may not be deleted if it is bound to any port or logical interface. However, you may delete or modify a rule within a bound ACL. Any modification or deletion is effective immediately.

Children Display
depth3
styleh5

Pagebreak