Legacy Open Mesh: IPv4 ACLs

Topic

This article discusses IPv4 access control list configuration.

Environment

  • CloudTrax

Description

IP-based access control is one way of controlling which traffic may enter your network, based on predefined layer-3 rules. IPv4 Access Control List (ACL) configuration is the process of defining a set of rules that tell the switch whether to allow or deny (drop) a given packet, based on its IP addresses.

The OM S series switches allow you to specify multiple ACLs, each with multiple rules (also called Access Control List Entries). Each ACL is identified by its name, and all the individual entries within the same ACL use that ACL name. The switches support up to 3000 ACL entries in total, with up to 256 entries per ACL.

Configuring IPv4 ACLs on the OM S series switches is a simple two-step process:

  • Build the global list of IPv4 ACL entries (once per network)
  • Assign prebuilt ACLs to ports (once per switch port)

Step 1: Build the global list of IPv4 ACL entries

Navigate to the Configure > Switches page and click the "show" link next to "Access Control Lists (ACLs)".

[Screenshot: Show-Hide-ACLs.png]

Look under the section for "IPv4 Based" ACL configuration.

[Screenshot: IPv4ACL-show.png]

[Screenshot: IPv4ACL-add.png]

ACL and New ACL Name: As mentioned earlier, each ACL can have multiple entries, so when creating a new entry you can either associate it with an existing ACL or create a new ACL of which it will be the first entry. Note that ACL names cannot be changed by editing the entries; if a name change is essential, the entries must be deleted and recreated under the new name.

Sequence: Since ACLs can have multiple entries, the sequence number tells the switch in what order to apply those rules to incoming packets. Note that the sequence number of an ACL entry cannot be changed by editing the entry once it has been created and saved.

Action: Specifies whether packets matching the entry (identified by the source and destination IP, below) should be allowed or denied entry.

Protocol: Choose whether the entry applies only to TCP packets, only to UDP packets, or to all transport-layer packets.

Source IP: Source IP address of the incoming packet. To match all IP addresses, use the * wildcard symbol as shown above and enter "Any" in the text field, or leave it blank.

Destination IP: Destination IP address of the incoming packet. To match all IP addresses, use the * wildcard symbol as shown above and enter "Any" in the text field, or leave it blank.

Once you have created your IPv4 ACLs, you are ready for the next step: assigning those rules to the specific ports that will enforce them on incoming packets.

Step 2: Assign IPv4 ACLs to ports

To assign IPv4 ACLs to ports, head over to the Manage > Switches page and bring up a switch's configuration pane by clicking on its name. Pick the port or ports on which you want to enforce IPv4-based access control, then assign a predefined IPv4 ACL to each by selecting it from the drop-down list under the "IPv4 ACL" column for that port (row). Hit Save on the pane and you're done!
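As an added illustration (not part of the original article or of CloudTrax), the following Python model applies entries the way the fields above describe: in ascending Sequence order, matching Protocol and Source/Destination IP with "Any" or a blank field as the wildcard, and it checks the 256-per-ACL and 3000-total limits. First-match-wins evaluation, the default action when no entry matches, and the "guest-ports" sample ACL are assumptions; the second sample shows how swapping two sequence numbers lets an allow-all entry shadow a deny, which matters because the sequence cannot be edited after saving.

```python
from dataclasses import dataclass
from ipaddress import ip_address

MAX_ENTRIES_PER_ACL, MAX_ENTRIES_TOTAL = 256, 3000  # limits stated in the article

@dataclass(frozen=True)
class AclEntry:
    acl: str        # ACL name; every entry of one ACL carries the same name
    sequence: int   # order in which the switch applies the entries
    action: str     # "allow" or "deny"
    protocol: str   # "tcp", "udp" or "any"
    src: str        # IPv4 address, or "Any" / blank as the wildcard
    dst: str

def ip_matches(rule_ip: str, pkt_ip: str) -> bool:
    """'Any' or a blank field matches every address, as in the CloudTrax form."""
    return rule_ip.strip().lower() in ("any", "") or ip_address(rule_ip) == ip_address(pkt_ip)

def evaluate(entries, acl_name, protocol, src, dst, default="deny"):
    """Walk the named ACL in ascending sequence; the first matching entry decides
    (assumed first-match semantics). `default` is used when nothing matches, since
    the article does not state the switch's implicit action."""
    for e in sorted((x for x in entries if x.acl == acl_name), key=lambda x: x.sequence):
        if e.protocol in ("any", protocol) and ip_matches(e.src, src) and ip_matches(e.dst, dst):
            return e.action
    return default

def validate(entries):
    """Report entry-limit violations and duplicate sequence numbers within an ACL."""
    problems = []
    if len(entries) > MAX_ENTRIES_TOTAL:
        problems.append(f"{len(entries)} entries exceeds the total limit of {MAX_ENTRIES_TOTAL}")
    per_acl = {}
    for e in entries:
        per_acl.setdefault(e.acl, []).append(e.sequence)
    for name, seqs in per_acl.items():
        if len(seqs) > MAX_ENTRIES_PER_ACL:
            problems.append(f"{name}: {len(seqs)} entries exceeds {MAX_ENTRIES_PER_ACL}")
        if len(set(seqs)) != len(seqs):
            problems.append(f"{name}: duplicate sequence numbers")
    return problems

# Constructed example: deny TCP from guest ports to a management host, allow everything else.
GUEST_ACL = [AclEntry("guest-ports", 10, "deny", "tcp", "Any", "10.0.0.5"),
             AclEntry("guest-ports", 20, "allow", "any", "Any", "Any")]
# The same two entries with the sequences swapped: the allow-all now shadows the deny.
SHADOWED_ACL = [AclEntry("guest-ports", 10, "allow", "any", "Any", "Any"),
                AclEntry("guest-ports", 20, "deny", "tcp", "Any", "10.0.0.5")]
```

Run `evaluate(GUEST_ACL, "guest-ports", "tcp", "10.0.1.7", "10.0.0.5")` against both lists to see the deny in the first and the shadowing allow in the second; `validate()` flags a duplicate sequence number before the entries are saved.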
