Configuring ACLs

This page describes how to create and configure an Access Control List (ACL).

For more details about configuration options, see the following pages:

Configuring the Global Object

Configure the AclGlobal

You can configure the AclGlobal object through either the REST interface or the CLI. The object is created automatically, so there is no facility for creating it; you can only update the existing instance.

For a full description of the AclGlobal object, see the AclGlobal section of the ACL Objects page.

REST (cURL) Example

curl -k -u <user>:<password> -X PATCH -H 'Content-Type: application/json' -d '{<Model Object as json data>}' http://device-management-IP:443/public/v1/config/AclGlobal

JSON Data Model
{
    "AclGlobal": "default",
    "GlobalDropEnable": "TRUE"
}

CLI Example

aclglobal GlobalDropEnable TRUE 
apply

Configuring the Filters

Before you can create an ACL object, you must create filters to assign to the FilterName attribute.

Configuring the AclIpv4Filter

You can use the REST interface (cURL) or the CLI to create this filter. The only attribute required to create this object is the FilterName. For a full description of the object, see the AclIpv4Filter section of the ACL Objects page.

REST (cURL) Example

curl -k -u <user>:<password> -X POST -H 'Content-Type: application/json' --header 'Accept: application/json' -d '{<Model Object as json-Data>}' http://device-management-IP:443/public/v1/config/AclIpv4Filter

For more REST examples, see the AclIpv4Filter section of the ACL Objects page.

JSON Data Model
{
    "FilterName":"no-nsw-pacl-v41",
    "SourceIp":"10.176.0.0",
    "SourceMask":"255.10.72.0"
}

CLI Example

aclipv4filter no-nsw-pacl-v41
srcIp 10.176.0.0
srcMask 255.10.72.0
apply

Configuring the AclIpv6Filter

You can use the REST interface (cURL) or the CLI to create this filter. The only attribute required to create this object is the FilterName. For a full description of the object, see the AclIpv6Filter section of the ACL Objects page.

REST (cURL) Example

curl -k -u <user>:<password> -X POST -H 'Content-Type: application/json' --header 'Accept: application/json' -d '{<Model Object as json-Data>}' http://device-management-IP:443/public/v1/config/AclIpv6Filter

JSON Data Model
{
    "FilterName":"no-nsw-pacl-v6",
    "SourceIpv6":"2a04:f547:41:0:0:0:0:0",
    "SourceMaskv6":"FFFF:FFFF:2:320:FFFF:FFFF:FFFF:FFFF"
}

CLI Example

aclipv6filter no-nsw-pacl-v6
srcIPv6 2a04:f547:41:0:0:0:0:0
srcMaskv6 FFFF:FFFF:2:320:FFFF:FFFF:FFFF:FFFF

Creating the ACL

After you have created the filter(s), you can create an ACL and apply them to it. You can use the REST interface (cURL) or the CLI to create this object. The only attribute required to create this object is the FilterName. For a full description of the object, see the Acl section of the ACL Objects page.

REST (cURL) Example

curl -k -u <user>:<password> -X POST -H 'Content-Type: application/json' --header 'Accept: application/json' -d '{<Model Object as json-Data>}' http://device-management-IP:443/public/v1/config/Acl

JSON Data Model
{
    "AclName":"myACL",
    "IntfList":
        [
            "fpPort 1"
        ],
    "Stage":"IN",
    "Priority":3,
    "AclType":"IPv4",
    "Action":
        [
            "ALLOW"
        ],
    "FilterName":"no-nsw-pacl-v41"
}

CLI Example

acl no-nsw-pacl-v4_acl 
filterName no-nsw-pacl-v41
interface fpPort 1
action ALLOW 
priority 10
aclType IPv4
stage IN 
action ALLOW
exit
apply
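
Pre-flight Check Example

The following Python check is an added example, not part of the product documentation or its tooling. It reviews an Acl payload before it is sent: the referenced filter must already exist, its family must agree with AclType, and its mask is flagged when it is not a contiguous prefix. The function names, the "IPv6" AclType value and the bitwise-mask behaviour are assumptions.

```python
import ipaddress

def mask_is_contiguous(mask):
    """True when the mask is a run of 1-bits followed only by 0-bits."""
    addr = ipaddress.ip_address(mask)
    inverted = int(addr) ^ ((1 << addr.max_prefixlen) - 1)
    return inverted & (inverted + 1) == 0

def lint_acl(acl, ipv4_filters, ipv6_filters):
    """Return review findings for one Acl payload before it is POSTed.

    ipv4_filters and ipv6_filters hold the payloads already sent to the
    AclIpv4Filter and AclIpv6Filter endpoints.
    """
    # "IPv6" as an AclType value is an assumption; the page only shows "IPv4".
    defined = {
        "IPv4": {f["FilterName"]: f for f in ipv4_filters},
        "IPv6": {f["FilterName"]: f for f in ipv6_filters},
    }
    name, acl_type = acl.get("FilterName"), acl.get("AclType")
    flt = defined.get(acl_type, {}).get(name)
    if flt is None:
        other = [fam for fam, flts in defined.items() if fam != acl_type and name in flts]
        if other:
            return [f"AclType {acl_type} but filter {name} is an {other[0]} filter"]
        return [f"filter {name} is not defined; create it before the Acl"]
    findings = []
    mask = flt.get("SourceMask") or flt.get("SourceMaskv6")
    # Assumption: the device applies the mask bitwise, so a mask with holes
    # selects a scattered set of addresses rather than one subnet.
    if mask and not mask_is_contiguous(mask):
        findings.append(f"filter {name}: mask {mask} is not a contiguous prefix")
    return findings

# Payloads copied from the JSON Data Model examples on this page.
V4_FILTER = {"FilterName": "no-nsw-pacl-v41", "SourceIp": "10.176.0.0",
             "SourceMask": "255.10.72.0"}
ACL = {"AclName": "myACL", "IntfList": ["fpPort 1"], "Stage": "IN", "Priority": 3,
       "AclType": "IPv4", "Action": ["ALLOW"], "FilterName": "no-nsw-pacl-v41"}

if __name__ == "__main__":
    for finding in lint_acl(ACL, [V4_FILTER], []):
        print(finding)
```

An empty result means the payload passed these three checks only; it says nothing about whether the ALLOW rule matches the traffic you intend.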