Creating an access-control list (ACL)
You can create an access control list on an individual CPE device or on all devices that use the CPE template. To create an access control list, use the following instructions:
- Creating an access control list on an individual CPE device.
To create an access control list on an individual CPE device:
- In the menu, go to the SD-WAN section.
By default, the CPE subsection is displayed with a table of CPE devices.
- Click the CPE device.
The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button
. - Select the Routing Filters tab.
The Access control lists tab, which is selected by default, displays the table of access control lists.
- Select the Override check box to ignore the applied CPE template and make the settings in the selected tab editable. This check box is cleared by default.
- Click + Access control list.
- This opens a window; in that window, in the Name field, enter the name of the access control list. Maximum length: 50 characters. Do not use spaces in this field.
- Click + Add rule to add a rule to the access control list. You can add multiple rules.
- In the Sequence field, enter the sequential number of the rule. The rule with the lowest number is processed first. Range of values: 1 to 4,294,967,295.
- In the Network drop-down list, select the type of the rule:
- Any network for a rule that allows or denies advertising of any networks.
- IP/mask for a rule that allows or denies the advertising of a specific network. This is the default setting.
- If in the Network drop-down list, you selected IP/mask, in the field that is displayed, enter the IP address and the network prefix.
- In the Action drop-down list, select the action that the rule must apply to routes:
- Permitto allow route advertising. This is the default setting.
- Deny to deny route advertising.
- Click Create.
The access control list is created and displayed in the table.
- In the upper part of the settings area, click Save to save the configuration of the CPE device.
- In the menu, go to the SD-WAN section.
- Creating an access control list on all devices that use the CPE template.
To create an access control list on all devices that use the CPE template:
- In the menu, go to the SD-WAN → CPE templates subsection.
A table of CPE templates is displayed.
- Click the CPE template.
The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button
. - Select the Routing Filters tab.
The Access control lists tab, which is selected by default, displays the table of access control lists.
- Click + Access control list.
- This opens a window; in that window, in the Name field, enter the name of the access control list. Maximum length: 50 characters. Do not use spaces in this field.
- Click + Add rule to add a rule to the access control list. You can add multiple rules.
- In the Sequence field, enter the sequential number of the rule. The rule with the lowest number is processed first. Range of values: 1 to 4,294,967,295.
- In the Network drop-down list, select the type of the rule:
- Any network for a rule that allows or denies advertising of any networks.
- IP/mask for a rule that allows or denies the advertising of a specific network. This is the default setting.
- If in the Network drop-down list, you selected IP/mask, in the field that is displayed, enter the IP address and the network prefix.
- In the Action drop-down list, select the action that the rule must apply to routes:
- Permitto allow route advertising. This is the default setting.
- Deny to deny route advertising.
- Click Create.
The access control list is created and displayed in the table.
- In the upper part of the settings area, click Save to save the configuration of the CPE template.
- In the menu, go to the SD-WAN → CPE templates subsection.