- Print
- PDF
You may use an Access Control List (ACL), which is a network access control mechanism, to prevent or allow specific MAC or IP addresses to access the Cisco Provider Connectivity Assurance Sensor Control for management purposes.
You can create up to 10 lists, and each list can contain up to 40 rules. Each rule allows or blocks addresses. Rules are ranked using the Priority field, with the rule configured with the highest priority applied first.
We recommend setting the priorities so the most restrictive rules are performed first. For example, a high-priority rule could grant access to a specific IP address within a subnet, and the next rule could deny access to the whole subnet, thus blocking all remaining IP addresses from that subnet. Another example would be to first deny access to subnet 10.10.10.0/26, then allow access to subnet 10.10.0.0/16.
Note: Once all rules have executed, all remaining frames are dropped (this is the default rule). You must therefore ensure the addresses you want to allow are accepted by at least one rule of the ACL.
Once the ACL is created, you can then assign it to one or more interfaces. On each interface you can also select the type of protocol (CLI [SSH and Telnet], WEB, SNMP) to which the ACL applies. Refer to the article "Configuring Logical Interfaces".
CAUTION: If you assign a rule to an interface, you or another user may lose access to the Sensor Control.
Note: ACLs apply to local interfaces only.
Setting Up an ACL
▶ To set up an ACL
Access the page System ▶ACL.
A summary of all lists that have been configured is displayed. For more information on specific parameters, refer to the table at the end of this procedure.Click Add to add a new ACL, or click the Name of an existing ACL to edit its settings.
Complete the required fields, then click Apply.
For more information on specific parameters, refer to the following table.
ACL Definition Summary (System ▶ ACL)
Parameter | Description |
---|---|
Name | The name of the ACL list. |
State | The state of the list:<UL |
Interface list | Names of the interfaces using this list. Clicking on an interface name will open the ACL statistics, showing the number of packets hit, on a per-rule basis, for this specific interface. |
ACL Definition
Parameter | Description |
---|---|
Type | The type of ACL list:
|
Value | The source addresses (IP or MAC) to filter. IP addresses can be entered using a subnet mask. If the Type is ipsrc:
If Type is macsrc:
|
Action | The filter action to take:
|
Name | The name of the rule. |
Priority | The priority of the rule. Range: 1-255 (1 is the highest priority) |
State | Enable or disable the rule. |
Packets | The number of packets that have been intercepted by the rule:
|
Deleting an ACL
▶ To delete an ACL
Access the page System ▶ ACL.
Click the ACL Name to delete.
Click Delete.
▶ To view ACL statistics for each interface
Access the page System ▶ ACL.
Click the name of the interface in the Interface List.
A count of Packets for each ACL rule defined is displayed. The Default Dropped Packets statistic (i.e., associated with the default rule) is displayed at the top of the page. For more information on specific parameters, refer to the table "ACL Definition Summary (System ▶ ACL)".To clear the statistics, click the Clear button.
To update the statistics, click the Refresh button.
© 2024 Cisco and/or its affiliates. All rights reserved.
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms
For legal information about Accedian Skylight products, please visit: Accedian legal terms and tradmarks