Filter
Top Products
Chapter 9: Security Management
232
Configuring IP Access Control
Using IP access control, you control access to your KX II. Note that IP
access control restricts traffic of any kind from accessing the KX II, so
NTP servers, RADIUS hosts, DNS hosts and so on must be granted
access to the KX II.
By setting a global Access Control List (ACL) you are ensuring that your
device does not respond to packets being sent from disallowed IP
addresses. The IP access control is global, affecting the KX II as a whole,
but you can also control access to your device at the group level. See
Group-Based IP ACL (Access Control List) (on page 122) for more
information about group-level control.
Important: IP address 127.0.0.1 is used by the KX II local port. When
creating an IP Access Control list, 127.0.0.1 should not be within
the range of IP addresses that are blocked or you will not have
access to the KX II local port.
To use IP access control:
1. Select Security > IP Access Control to open the IP Access Control
page.
2. Select the Enable IP Access Control checkbox and the remaining
fields on the page.
3. Choose the Default Policy. This is the action taken for IP addresses
that are not within the ranges you specify.
Accept - IP addresses are allowed access to the KX II device.
Drop - IP addresses are denied access to the KX II device.
To add (append) rules:
1. Type the IP address and subnet mask in the IPv4/Mask or
IPv6/Prefix Length field.
Note: The IP address should be entered using CIDR (Classless
Inter-Domain Routing notation, in which the first 24 bits are used as
a network address).
2. Choose the Policy from the drop-down list.
3. Click Append. The rule is added to the bottom of the rules list.
To insert a rule:
1. Type a rule #. A rule # is required when using the Insert command.
2. Type the IP address and subnet mask in the IPv4/Mask or
IPv6/Prefix Length field.