2

Access Control Lists

With access control lists (ACLs), you can block probing for members of the ACL when you use dynamic RTT probing on your 3-DNS Controller. Table 2.1 lists the ACL types and describes their functions.

To define ACLs using the Configuration utility

1. In the navigation pane, click System.
   The System - General screen opens.
2. On the toolbar, click ACL.
   The ACL Configuration screen opens.
3. Add the settings for the ACLs you want to create, and click Update. For more information on this screen, click Help on the toolbar.

To define ACLs using the command line

Tip: When you create ACLs by manually editing the wideip.conf file, we strongly recommend that you put the ACLs in a separate include file.

1. If one does not already exist, create a file called region.ACL in the /var/3dns/include directory. You must add the include file at the beginning of the wideip.conf file.
2. Add the file to /etc/wideip.conf by typing, at the command line:

   include "region.ACL"

3. The ACLs you can create are probe_acl, hops_acl, and discovery_acl. Figure 2.1 is an example the syntax for a region.ACL file with definitions for the three ACL types.

Figure 2.1 Sample region.ACL file

 actions {     
      NO_RELAY    
      delete rdb ACL region "probe_acl"    
      delete rdb ACL region "hops_acl"    
      delete rdb ACL region "discovery_acl"    
   }    
   region_db ACL {    
      region {    
         name "probe_acl"    
         region "probe_acl"    
         192.168.4.0/24    
      }    
      region {    
         name "hops_acl"    
         192.168.2.0/16    
      }    
      region {    
         name "discovery_acl"    
         192.168.11.11/32    
         192.168.4.0/24    
         }    
   }