Applies To:
Show Versions3-DNS Controller versions 1.x - 4.x
- 4.0 PTF-01, 4.0.0
2
Access Control Lists
Access control lists
With access control lists (ACLs), you can block probing for members of the ACL when you use dynamic RTT probing on your 3-DNS Controller. Table 2.1 lists the ACL types and describes their functions.
To define ACLs using the Configuration utility
- In the navigation pane, click System.
The System - General screen opens.
- On the toolbar, click ACL.
The ACL Configuration screen opens.
- Add the settings for the ACLs you want to create, and click Update. For more information on this screen, click Help on the toolbar.
To define ACLs from the command line
- If one does not already exist, create a file called region.ACL in the /var/3dns/include directory. You must add the include file at the beginning of the wideip.conf file.
- Add the file to /etc/wideip.conf by typing, at the command line:
include "region.ACL"
Tip: When you create ACLs by editing the wideip.conf file from the command line, we strongly recommend that you put the ACLs in a separate include file.
The ACLs you can create are probe_acl, hops_acl, and discovery_acl. Figure 2.1 is an example the syntax for a region.ACL file with definitions for the three ACL types.
Figure 2.1 Sample region.ACL file
actions {
NO_RELAY
delete rdb ACL region "probe_acl"
delete rdb ACL region "hops_acl"
delete rdb ACL region "discovery_acl"
}
region_db ACL {
region {
name "probe_acl"
region "probe_acl"
192.168.4.0/24
}
region {
name "hops_acl"
192.168.2.0/16
}
region {
name "discovery_acl"
192.168.11.11/32
192.168.4.0/24
}
}