Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configuring IP ACLs for Restricting Access to Resources (CTPView Server Menu)

An access control list (ACL) is a sequential collection of permit and deny conditions that you can use to filter inbound or outbound routes. You can use different kinds of access lists to filter routes based on The router compares each route's IP address against the conditions in the list, one-by-one. If the first match is for a permit condition, the route is accepted or passed. If the first match is for a deny condition, the route is rejected or blocked. The order of conditions is critical because testing stops with the first match. If no conditions match, the router rejects or blocks the address; that is, the last action of any list is an implicit deny condition for all routes.

You can define an access list to permit or deny routes on the basis of the IP address or the range of IP addresses. Each access list is a set of permit or deny conditions (based on how they match a route's address) for a route. A zero in the wildcard mask means that the corresponding bit in the address must be exactly matched by the route. A one in the wildcard mask means that the corresponding bit in the address does not have to be matched by the route. You can also specify a range of IP addresses, by entering the starting IP address and the ending IP address in the range separated by a hyphen (-), if you want to enable or disallow traffic from a set of IP addresses.

Best Practice:

We recommend that you modify the IP ACLs during periods of relatively low traffic to minimize network disruptions and outages in processing packets.

Before you begin, log in to the CTPView server and access the CTPView Configuration Menu. See Accessing the CTPView Server Configuration Menu (CTPView Server Menu).

Note:

You cannot use an SSH application to access the CTPView server until you have configured the server in your network and assigned it an IP address. See Configuring the Network Access (CTPView Server Menu).

To add, remove, or display IP ACLs:

  1. From the CTPView Configuration Menu, select 6) PostgreSQL Functions.
  2. Select 6) IP ACL Function. The IP ACL Function menu is displayed, which enables you to create a new ACL, delete a previously configured ACL, and view all the ACLs configured on your CTP device.
  3. Select 1) Add
  4. Follow the onscreen instructions and configure the options as described inTable 1.
    Table 1: Creating an IP ACL
    Field Function Your Action

    Enter the IP or IP range [e.g 10.0.1-23.*]

    Specifies the IP address or a pool of IP addresses from which you want to enable or disallow traffic.

    Specify an IP address in the format a.b.c.d/xx, where xx is the subnet prefix, or an IP address range in the format of starting-address - ending -address, with the starting and ending IP addresses separated by a hyphen (-).

    Specify the permission

    Specifies whether you want to enable or deny traffic from the specified IP address or range of addresses.

    Select 0) Deny to cause the CTP device to drop traffic arriving from the specified IP address.

    Select 1) Allow to cause the CTP device to allow traffic arriving from the specified IP address.

    Specify rtn to set the interface that is prompted by the system to be specified as the default IPv4 circuit device. For example, if the prompt displays (rtn for eth1), and if you specify rtn, eth1 is set as the default circuit device.
  5. Press Enter to proceed to the next step of removing any of the configured IP ACLs. The IP ACL Function menu is displayed.
  6. Select 2) Remove. The IP address ranges or IP addresses for which you previously configured ACLs are displayed.
  7. From the list of IP addresses displayed, select a number pertaining to your choice. Enter the number next to the Please input your choice [0] field. If you select 0, you are returned to the previous menu.

    After you enter a number pertaining to your choice in the menu, a confirmation message is displayed stating that the selected IP address or range is successfully deleted.

  8. Press Enter to proceed to the next step of viewing all the configured IP ACLs. The IP ACL Function menu is displayed.
  9. Select 3) Show. All the configured IP addresses and their corresponding permissions are displayed. The access modifier or permission of 1 denotes permit, and 0 denotes deny.

Related Documentation