You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Back to Table of Contents

Back to All

Back to All - Address Context

Back to Address Context - Ip Access Control List

In this section:

This object is used to configure the IP Access Control List rules. 

To View Rule

On SBC main screen, navigate to All > Address Context > Ip Access Control List > Rule.

The Rule can be checked for each Address Context or for all the Address Contexts created. Use the drop-down box to select the desired Address Context.

All - Address Context - Ip Access Control List - Rule Main Field

The Rule window is displayed.

All - Address Context - Ip Access Control List - Rule

To Edit Rule

To edit any of the Rule in the list, click the radio button next to the specific Rule name.

All - Address Context - Ip Access Control List - Rule Highlighted

The Edit Selected Rule window is displayed below.

All - Address Context - Ip Access Control List - Rule Edit Window

Make the required changes and click Save at the right hand bottom of the panel to save the changes made.

To Create Rule

To create a new Rule, click New Rule tab on the Rule List panel.

All - Address Context - Ip Access Control List - Rule Fields

The Create New Rule window is displayed.

All - Address Context - Ip Access Control List - Rule Create Window

The following fields are displayed:

Rule Parameters

Parameter

Description

Name

The name of this access control list rule.

Precedence

Use this parameter to specify the rule precedence (e.g. when the rule is loaded and executed over other Rule for each incoming packet). If an incoming packet matches two identical Rule, then IP ACL rule with the highest precedence is applied for that incoming packet.

Each IP ACL rule must use a unique precedence value.

Protocol

Enter IP protocol type for use as a criterion of the IP input match. Choices are 0-255, or one of the following:

  • any – (default) filter all protocols
  • icmp filter ICMP only
  • icmpv6 filter ICMPv6 only
  • ospf filter OSPF only
  • tcp filter TCP only
  • udp filter UDP only 

These protocols are typically associated with particular logical port values.

IP Interface
Group

The name of a IP interface group to match or "any" to match any IP interface group.

IP Interface

The name of an IP interface to match, or "any" to match any IP interface.

Mgmt IP Interface Group

The name of an management Interface Group.

Mgmt IP Interface

The name of an management IP Interface.

Source IP Address

The source IP address to match.

When configuring a Source Ip Address, the Source Address Prefix Length must also be specified.

Source Address
Prefix Length

The length of source IP address prefix which must match the protocol. Must be 0 -
32, default is 0.

Destination IP Address

The destination IP address (IPV4/IPV6) prefix to match.

When configuring a Destination Ip Address, the Destination Address Prefix Length must also be specified.

Destination Address Prefix LengthSpecifies the length of destination IP address prefix. The value ranges from 0 to 128 and the default value is 0.

Source Port

The IP port value. Must be 0 - 65535, default is any.

Destination
Port

The IP port value. Must be 0 - 65535, default is any.

Action

The action to be taken when the IP access control list rule match.

  • Accept
  • Discard

Fill Rate

The number of packets to add to the bucket credit balance (in packets/second). If a packet is received at a rate exceeding this fill rate, it is discarded subjected to the discard rate set in the IP Policing Alarm profile or in the Policer Alarm monitoring this Media Port. The bucket credit balance is always less than the configured bucket size regardless of the size of this increment.

Must be 1 - 10000, default is 50.

Bucket Size

The policing bucket size (in packets). It represents a credit balance that should be consumed before the packets are discarded. The consumed credits reside in the bucket and gets reduced for every packet received on the Network Interface (NI). If a packet is received when the credit balance is less than the size of the packet, the packet is discarded subjected to the discard rate set in the IP Policing Alarm profile or in the Policer Alarm monitoring this Media Port. (default is 'unlimited', which allows continuous policing). Must be 2048-65520, default is 50.

State

It specifies the administrative state of ACL rule.

  • enabled
  • disabled (default)
Vm App NameSpecifies the name of the Virtual Machine application used.
Aggregate PolicerSpecifies the name of aggregate policer with which this rule is associated.

To Copy Rule

To copy any of the created Rule and to make any minor changes, click the radio button next to the specific Rule to highlight the row.

All - Address Context - Ip Access Control List - Rule Highlighted

 

Click Copy Rule tab on the Rule List panel.

All - Address Context - Ip Access Control List - Rule Fields

 

The Copy Selected Rule window is displayed along with the field details which can be edited.

All - Address Context - Ip Access Control List - Rule Copy Window

Make the required changes to the required fields and click Save to save the changes. The copied Rule is displayed at the bottom of the original Rule in the Rule List panel.

To Delete Rule

To delete any of the created Rule, click the radio button next to the specific Rule which you want to delete.

All - Address Context - Ip Access Control List - Rule Highlighted

 

Click Delete at the end of the highlighted row. A delete confirmation message appears seeking your decision.

All - Address Context - Ip Access Control List - Rule Delete Confirmation

Click OK to remove the specific Rule from the list.

 

 

 

 

  • No labels