Adding Access Control Profiles
- From the navigation pane, click Services. The Services page appears.
- Select the Access Control sub-tab. The Access Control page appears.
- Click Add Profile to add an access control profile. The Access Control Profile dialog box appears.
- Complete the following:
- Profile Name: Enter the name of the access control profile.
- Description: Enter a short description for the access control profile.
Under the Select Access control profile, configure the following:
Note: By default, the following profiles are set to OFF.
- Layer 2: Toggle the switch to ON and click add to add a Layer 2 profile.
- Layer 3: Toggle the switch to ON and click add to add a Layer 3 profile.
- Device & OS: Toggle the switch to ON and click add to add a Device and OS profile.
- Applications: Toggle the switch to ON and click add to add an application profile.
- Client Rate Limit: Toggle the switch to ON and click to configure maximum upload rate and maximum download rate.
- Select the Layer 2 sub-tab to add a Layer 2 profile.
- Click Add Profile. The Layer 2 Profile dialog box appears.
- Enter a name in the Profile Name field.
- Add a brief description in the Description field.
- Select either Allow Connections or Block Connections. By default, the Allow Connections option (green) is enabled. You can change this to Block Connections by clicking the option (red) provided.
- Click Add to add MAC addresses.
- Enter the MAC addresses in the Add MAC Address dialog box and click Add. You can add up to 128 MAC addresses.
- Click Clear list to clear the MAC address list.
- Click Save.
- Select the Layer 3 sub-tab to add a Layer 3 profile.
- Click Add Profile. The Layer 3 Profile dialog box is displayed.
- Enter a name in the Profile Name field.
- Add a brief description in the Description field. By default, the Allow Traffic option (green) is enabled. You can change this to Block Traffic by clicking the option (red) provided.
- To create a new traffic access rule, click Add Rule. The Add Traffic Access Rule dialog box appears. You can create rules only for up-stream traffic. Complete the following steps.
- Description: Enter a description for the rule.
- You can create a rule to allow or block up-stream traffic by clicking and selecting the Allow Traffic or Block Traffic option, respectively.
- Select the protocol you wish to use for the new traffic rule from the Protocol drop-down list. The following protocols are available:
- TCP: Transmission Control Protocol
- UDP: User Datagram Protocol
- UDPLITE: Lightweight User Datagram Protocol, which is a connectionless protocol that allows even a damaged data payload to be delivered rather than being discarded.
- ICMP (ICMPV4): Internet Control Message Protocol, which is an error-reporting protocol used by network devices to generate error messages to the source IP address, when issues in the network prevent delivery of IP packets.
- IGMP: Internet Group Management Protocol, which is a communications protocol used by hosts on IPv4 networks to establish multicast group memberships.
- ESP: Encapsulating Security Payload, which is a protocol that provides the authentication, integrity, and confidentiality of network packets in IPv4 and IPv6 networks.
- AH: Authentication Header protocol, which is used to authenticate SNMP.
- SCTP: Stream Control Transmission Protocol is a communications protocol which operates at the transport layer.
- Specify the destination address in the Destination field. You can either specify a range (a network address and a Subnet Mask, in the field provided) or you can specify a source IP address in the field provided. Also, specify a port number or a range of ports (for example, 22-34) for the destination, in the field provided.
Note: If you choose the ICMP protocol in the previous step, you do not need to specify ports for the source and the destination. Hence, the option to select ports will not be presented to you.
- In the Source area, complete the following.
- IP Address: Enter the IP address of the source.
- Subnet Network Address: Enter the subnet network address.
- Specific IP Address: Enter the specific IP address.
- Port: Enter a port number or a range of ports (for example, 22-34).
- In the Destination area, complete the following.
- IP Address: Enter the IP address of the source.
- Subnet Network Address: Enter the subnet network address.
- Specific IP Address: Enter the specific IP address.
- Port: Enter a port number or a range of ports (for example, 22-34).
- Click Add.
- Select the Device & OS sub-tab to add a device and OS profile. The Device & OS page appears.
- To add a device and OS profile, click Add Profile. The Add Device & OS Profile dialog box appears. Complete the following:
- Policy Name: Enter the name of the policy.
- Description: Enter description for the policy.
- Default Access: Select either Allow or Block.
- To add a Device & OS profile rule, click Add Policy.
- Click Add Rule. The Add Rule dialog box appears. Complete the following:
- Rule Name: Enter the name of the rule.
- Action: Select either Allow Devices or Block Devices.
- Device Type: Select a device type from the list of devices.
- OS Vendor: Select the OS vendor for the devices.
- Rate Limit: Configure the rate limit using the sliders: From client and To client.
- VLAN: Enter the VLAN ID.
- Click ADD. You are returned to the Add Device & OS Profile dialog box.
- Click OK to add the rule and return to the Device & OS page.
- Select the Application sub-tab to add an application profile. The Application policies page appears.
- Click Add Policy to add an application access policy.
- Enter a name in the Policy Name field.
- Add a brief description in the Description field.
- Click Add Rule and configure the following in the Add Application Rule dialog box.
- Rule Name: Enter the name of the rule.
- Rule Type: Select System Defined or User Defined.
- Application Category: Select the category of application from the drop-down.
- Application Name: Specify the name of the application.
- Access Control: Configure the method as Block Application, Rate Limit or QoS.
- Click ADD.
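
An offline sanity check for a planned Layer 3 profile, added here as an example and not part of the product or its documentation: it validates rule fields as the Add Traffic Access Rule dialog describes them (listed protocols, a specific IP or a subnet, a port or a range such as 22-34, no ports for ICMP) and evaluates sample upstream flows against the profile default. First-match rule ordering, the field names, and the sample addresses are assumptions; the page does not state how multiple rules are ordered.

```python
import ipaddress
from dataclasses import dataclass

# Protocol names as listed in the Protocol drop-down on this page.
PROTOCOLS = {"TCP", "UDP", "UDPLITE", "ICMP", "IGMP", "ESP", "AH", "SCTP"}

def parse_ports(spec):
    """'22' or '22-34' -> (22, 34); an empty field means any port (None)."""
    if not spec:
        return None
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range: {spec!r}")
    return lo, hi

@dataclass
class Rule:
    description: str
    action: str          # "allow" or "block" (Allow Traffic / Block Traffic)
    protocol: str
    src: str             # specific IP address, or subnet as network/prefix
    dst: str
    src_ports: str = ""
    dst_ports: str = ""

    def __post_init__(self):
        if self.action not in ("allow", "block") or self.protocol not in PROTOCOLS:
            raise ValueError(f"unsupported action/protocol in {self.description!r}")
        if self.protocol == "ICMP" and (self.src_ports or self.dst_ports):
            raise ValueError("ICMP rules take no ports")
        # Strict parsing rejects a subnet typed with host bits set, e.g. 10.0.0.5/24.
        self.src_net = ipaddress.ip_network(self.src)
        self.dst_net = ipaddress.ip_network(self.dst)
        self.sp, self.dp = parse_ports(self.src_ports), parse_ports(self.dst_ports)

    def matches(self, proto, src_ip, dst_ip, sport=None, dport=None):
        def port_ok(rng, port):
            return rng is None or (port is not None and rng[0] <= port <= rng[1])
        return (proto == self.protocol and port_ok(self.sp, sport) and port_ok(self.dp, dport)
                and ipaddress.ip_address(src_ip) in self.src_net
                and ipaddress.ip_address(dst_ip) in self.dst_net)

def evaluate(rules, default_action, *flow):
    """Assumed semantics: first matching rule wins, otherwise the profile default."""
    return next((r.action for r in rules if r.matches(*flow)), default_action)

# Constructed sample profile: two upstream rules, addresses are illustrative only.
RULES = [Rule("SSH to jump host", "allow", "TCP", "192.168.10.0/24", "10.0.0.5", dst_ports="22"),
         Rule("low ports on servers", "block", "TCP", "192.168.10.0/24", "10.0.0.0/24", dst_ports="22-34")]
```

Running the planned flows through `evaluate(RULES, "allow", ...)` and again with `"block"` as the default shows which traffic depends on the profile default rather than on an explicit rule.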