Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Announcement: Try the Ask AI chatbot for answers to your technical questions about Juniper products and solutions.

close
header-navigation

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries
Campus and Branch

Welcome to the NOW Way to Wi-Fi

Take your networking performance to new heights with a modern, cloud-native, AI-Native architecture. Only Juniper can help you unleash the full potential of Wi-Fi 7 with our AI-Native platform for innovation.
Prepare for liftoff
Business intelligence analyst dashboard on virtual screen. Big data Graphs Charts.

AI Data Center Networking

Juniper’s AI data center solution is a quick way to deploy high performing AI training and inference networks that are the most flexible to design and easiest to manage with limited IT resources.
Find out more
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Zero trust security

Ops4AI Lab

Visit our lab in Sunnyvale, CA and see our AI data center solution for yourself. You can try out your own model’s functionality and performance, too.
Visit the lab
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Higher Education

Shaping Student Experiences: The NOW Way to Build Higher Education Networks

Juniper Networks CIO Sharon Mandell and a virtual summit of C-level IT leaders from prestigious institutions discuss ongoing efforts to support digital transformation on campus.
Watch now
Hand on tablet with healthcare overlay of graphics

Security in healthcare

In this IDC Spotlight report, discover how AI networking can automate and strengthen a healthcare ecosystem to defeat criminals and prevent loss. 
Gain insights into ecosystem security
Retail

The Future of In-Store Technologies

Retail experts Kevin McCartan, Senior IT Service Delivery Engineer at Musgrave; Jack Stratten of Insider Trends; and Christian Gilby, Senior Director of Product Marketing at Juniper Networks, discuss customer experiences.
See the future

Products

Wireless access Wired access SD-WAN / SASE Routing and switching Security Mist AI™ Management software Network operating system Blueprint for AI-Native Acceleration Optics
  • Operations
ACX7020 router

Juniper ACX7020 Cloud Metro Access Router

Legacy networks simply cannot meet the demands of today’s rapidly evolving metro landscape. Unlock a new generation of highly scalable architectures and automated operations with the Juniper ACX7020. 
Learn more
EX4000 Ethernet Switch

Next-gen AI-Native EX4000 line of switches

Lack of AI innovation from your current networking vendor slowing you down? Embrace Juniper’s cloud-native, AI-Native access switches that support every level and layer, across nearly every deployment.
Discover how
The Q and AI text with an image of Bob Friday and Kedar Dhuru.

The Q&AI Podcast

Delivering practical solutions and enriching discussions, this podcast series is a vital resource for those seeking an in-depth exploration of AI's transformative potential.
Catch the latest episode

Services

Services
Services AI Care

Juniper AI Care Services Revolutionize Your Service Experience

Our industry-first AI-Native services couple AIOps with our deep expertise across the full network life cycle. You can move from reactive response to proactive insight and action.
Explore AI Care Services
Services AI Data Center

Juniper AI Data Center Deployment Services Optimize Your AI Model Runs

We use our expertise and validated designs to help design, deploy, validate and tune networks, including GPUs and storage, to get the most from your AI infrastructure operation.
Learn about AI Data Center Deployment Services

Partners

Partners

Support and Documentation

Support and Documentation

Learn

About Juniper Training Events The Feed Resources Technology learning topics Thought leadership and insights
Audience raising hands up while businessman is speaking in training at the office.

Juniper certification and training news

See the latest
Ringing of the bell

All global events

See the latest
AI-native-now

AI-Native NOW event series

Explore events
AINN AI Innovation Impact Virtual Event

AI-Native NOW: AI Innovation and Impact

Register NOW
Juniper's Christina Hendrix at the head of a conference table. With the text "The NOW Way to Network" overlayed, with "NOW" emphasizing the "O" in green color.

The NOW Way to Network

Watch the video series
AI Native Now

Executive insights

Dive deep with leading experts and thought leaders on all the topics that matter most to your business, from AI to network security to driving rapid, relevant transformation for your business.
Learn more
A keynote speaker giving a presentation at a conference. There are dozens of people sitting around them. The presentation is displayed via projector on all the walls in the room.

Leadership voices

Juniper Networks’ leaders operate on the front lines of creating the network of the future. Take a look around to see what’s on their minds.
Watch now
Bob Friday and Jessica Garrison speaking

Bob Friday Talks

Join Bob as he ventures into all the knowns -- and -- unknowns -- of AI.
Catch the latest episode
Documentation
Menu
License Guide
Quick Starts
Validated Designs
Home Documentation

CTPView Network Management System Administration

keyboard_arrow_up
Expand All close
Expand All close
CTPView Network Management System Administration
list Table of Contents
file_download PDF
{ "lCode": "en_US", "lName": "English", "folder": "en_US" }
English
 

Configuring IP ACLs for Restricting Access to Resources (CTPView Server Menu)

date_range 20-Jan-22

An access control list (ACL) is a sequential collection of permit and deny conditions that you can use to filter inbound or outbound routes. You can use different kinds of access lists to filter routes based on The router compares each route's IP address against the conditions in the list, one-by-one. If the first match is for a permit condition, the route is accepted or passed. If the first match is for a deny condition, the route is rejected or blocked. The order of conditions is critical because testing stops with the first match. If no conditions match, the router rejects or blocks the address; that is, the last action of any list is an implicit deny condition for all routes.

You can define an access list to permit or deny routes on the basis of the IP address or the range of IP addresses. Each access list is a set of permit or deny conditions (based on how they match a route's address) for a route. A zero in the wildcard mask means that the corresponding bit in the address must be exactly matched by the route. A one in the wildcard mask means that the corresponding bit in the address does not have to be matched by the route. You can also specify a range of IP addresses, by entering the starting IP address and the ending IP address in the range separated by a hyphen (-), if you want to enable or disallow traffic from a set of IP addresses.

Best Practice

We recommend that you modify the IP ACLs during periods of relatively low traffic to minimize network disruptions and outages in processing packets.

Before you begin, log in to the CTPView server and access the CTPView Configuration Menu. See Accessing the CTPView Server Configuration Menu (CTPView Server Menu).

Note

You cannot use an SSH application to access the CTPView server until you have configured the server in your network and assigned it an IP address. See Configuring the Network Access (CTPView Server Menu).

To add, remove, or display IP ACLs:

  1. From the CTPView Configuration Menu, select 6) PostgreSQL Functions.
  2. Select 6) IP ACL Function. The IP ACL Function menu is displayed, which enables you to create a new ACL, delete a previously configured ACL, and view all the ACLs configured on your CTP device.
    content_copy zoom_out_map
    CTPView Configuration Menu

Please choose a menu item from the following list:

0) Exit CTPView Configuration Menu
1) Security Profile
2) System Configuration
3) Port Forwarding
4) Advanced Functions
5) Backup Functions
6) PostgreSQL Functions
7) CTPView Access Functions
8) GRUB Functions
9) AAA Functions

Please input your choice [0]: 6
************************************************************
     CTPView version 7.2R1-rc3 151120
     Server: ctpview    Date: Mon Dec  7 06:00:20 2015
     Release: CentOS release 5.11 (Final)
     Kernel: 2.6.18-406.el5
     User root logged in from 10.215.150.11 as root
     +++++  ALL  ACTIONS  ARE  LOGGED  +++++
************************************************************

PostgreSQL Menu

Please choose a menu item from the following list:

0) Return to previous menu
1) Change PostgreSQL Administrator password
2) Change PostgreSQL Apache password
3) Restart PostgreSQL Server
4) Initialize Web UI Template Accounts
5) IP ACL Function
6) Upgrade Database Structures

Please input your choice [0]: 5
************************************************************
     CTPView version 7.2R1-rc3 151120
     Server: ctpview    Date: Mon Dec  7 06:00:23 2015
     Release: CentOS release 5.11 (Final)
     Kernel: 2.6.18-406.el5
     User root logged in from 10.215.150.11 as root
     +++++  ALL  ACTIONS  ARE  LOGGED  +++++
************************************************************

IP ACL Function Menu

Please choose a menu item from the following list:

0) Return to previous menu
1) Add
2) Remove
3) Show

Please input your choice [0]: 1

Enter the IP or IP range[e.g 10.0.1-23.*]: 1.2.3.4

Specify the permission
0) Deny
1) Allow
Please input your choice [0]: 0
IP range/ IP address added successfully...

Hit return to continue...
  3. Select 1) Add
  4. Follow the onscreen instructions and configure the options as described inTable 1.

    Table 1: Creating an IP ACL

    FieldFunctionYour Action

    Enter the IP or IP range [e.g 10.0.1-23.*]

    Specifies the IP address or a pool of IP addresses from which you want to enable or disallow traffic.

    Specify an IP address in the format a.b.c.d/xx, where xx is the subnet prefix, or an IP address range in the format of starting-address - ending -address, with the starting and ending IP addresses separated by a hyphen (-).

    Specify the permission

    Specifies whether you want to enable or deny traffic from the specified IP address or range of addresses.

    Select 0) Deny to cause the CTP device to drop traffic arriving from the specified IP address.

    Select 1) Allow to cause the CTP device to allow traffic arriving from the specified IP address.

    Specify rtn to set the interface that is prompted by the system to be specified as the default IPv4 circuit device. For example, if the prompt displays (rtn for eth1), and if you specify rtn, eth1 is set as the default circuit device.

  5. Press Enter to proceed to the next step of removing any of the configured IP ACLs. The IP ACL Function menu is displayed.
  6. Select 2) Remove. The IP address ranges or IP addresses for which you previously configured ACLs are displayed.
    content_copy zoom_out_map
    ************************************************************
     CTPView version 7.2R1-rc3 151120
     Server: ctpview    Date: Mon Dec  7 06:01:04 2015
     Release: CentOS release 5.11 (Final)
     Kernel: 2.6.18-406.el5
     User root logged in from 10.215.150.11 as root
     +++++  ALL  ACTIONS  ARE  LOGGED  +++++
************************************************************

IP ACL Function Menu

Please choose a menu item from the following list:

0) Return to previous menu
1) Add
2) Remove
3) Show

Please input your choice [0]: 2
Current listing of IP range :
0) Return to previous menu
1) *.*.*.*
2) 1.2.3.4
3) 78.34.3.2
Please input your choice [0]:2
IP range/ IP address removed successfully...

Hit return to continue...
  7. From the list of IP addresses displayed, select a number pertaining to your choice. Enter the number next to the Please input your choice [0] field. If you select 0, you are returned to the previous menu.

    After you enter a number pertaining to your choice in the menu, a confirmation message is displayed stating that the selected IP address or range is successfully deleted.

  8. Press Enter to proceed to the next step of viewing all the configured IP ACLs. The IP ACL Function menu is displayed.
  9. Select 3) Show. All the configured IP addresses and their corresponding permissions are displayed. The access modifier or permission of 1 denotes permit, and 0 denotes deny.
    content_copy zoom_out_map
    ************************************************************
     CTPView version 7.2R1-rc3 151120
     Server: ctpview    Date: Mon Dec  7 06:01:14 2015
     Release: CentOS release 5.11 (Final)
     Kernel: 2.6.18-406.el5
     User root logged in from 10.215.150.11 as root
     +++++  ALL  ACTIONS  ARE  LOGGED  +++++
************************************************************
IP ACL Function Menu

Please choose a menu item from the following list:

0) Return to previous menu
1) Add
2) Remove
3) Show

Please input your choice [0]: 3
All database entries:
+-----------+------------+
 | iprange   | permission |
 +-----------+------------+
 | *.*.*.*   |          1 |
 | 78.34.3.2 |          0 |
 +-----------+------------+

Hit return to continue...
arrow_backward PREVIOUS
NEXT arrow_forward CTPView Network Management System Administration
footer-navigation

© 1999 - 2025 Juniper Networks, Inc. All rights reserved.

Scroll to top