IP Access Control List (ACL) Security Management
IP Access Control List (ACL)
The ML provides a secured-session-access mechanism that allows defining a list of up to
100 allowed IP addresses (or ranges of addresses, using a subnet mask) and their allowed
access protocols. Ranges of IP addresses are supported on ML700 and ML2300 (SDU-400)
systems.
The ML NE management access can be controlled via the following protocols:
Telnet-TL1 (MetaASSIST View and TL1)
Telnet-CLI
SSH (MetaASSIST View and TL1 over SSH)
SNMP
HTTP
In addition to the TCP/UDP ports used for ML NE management, other open TCP/UDP ports
are controlled as follows:
When the ACL is enabled, TCP ports 1112 (msql service port) and 49155 (VxWorks debug port) and UDP port 2601 (netmount port) are automatically closed.
Port UDP 123 (SNTP) can be enabled or disabled at the application level and is unaffected by the ACL.
Port UDP 3087 (Actelis Discovery Protocol) cannot be disabled and is unaffected by the ACL.
The IP Access Control List (ACL) is managed by a System Administrator with admin privileges,
who can enable the ACL mechanism (not enabled by default) and update the list of allowed
clients and their protocols.
ML devices are always accessible via the craft port, regardless of the Access Control mechanism
setting and the ACL content.
If the ACL is enabled and no client with a permitted Telnet access protocol is defined, the ML
device cannot be configured or monitored remotely via Telnet, only via the craft port.
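A pre-change check for the lockout case described above, written as an added example (not Actelis code): it models a planned ACL as (address, subnet mask, protocols) entries and reports which management stations would lose access once the ACL is enabled. The entry layout, the match-any-entry rule, the protocol labels and the sample addresses are assumptions made for the illustration.

```python
import ipaddress

# Protocol names follow the page; the entry layout and matching rule are assumptions.
PROTOCOLS = {"TELNET-TL1", "TELNET-CLI", "SSH", "SNMP", "HTTP"}
MAX_ENTRIES = 100  # limit stated on the page

def parse_acl(entries):
    """Validate (address, mask, protocols) tuples; return (network, protocols) pairs."""
    if len(entries) > MAX_ENTRIES:
        raise ValueError(f"ACL holds at most {MAX_ENTRIES} entries, got {len(entries)}")
    acl = []
    for addr, mask, protos in entries:
        unknown = set(protos) - PROTOCOLS
        if unknown:
            raise ValueError(f"unknown protocol(s) for {addr}: {sorted(unknown)}")
        # strict=True rejects an address that has host bits set under the mask
        acl.append((ipaddress.ip_network(f"{addr}/{mask}", strict=True), frozenset(protos)))
    return acl

def is_permitted(acl, enabled, client_ip, protocol):
    """Assumed model: a disabled ACL allows everything, otherwise one entry must match."""
    if not enabled:
        return True
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net and protocol in protos for net, protos in acl)

def lockout_warnings(acl, enabled, stations):
    """List what the given management stations would lose once the ACL is enabled."""
    warnings = []
    if enabled and not any(p.startswith("TELNET") for _, protos in acl for p in protos):
        warnings.append("no Telnet client defined: Telnet management via craft port only")
    for ip, protocol in stations:
        if not is_permitted(acl, enabled, ip, protocol):
            warnings.append(f"{ip} would lose {protocol} access")
    return warnings

# Constructed sample plan using documentation address ranges (not from the page)
PLAN = [
    ("192.0.2.10", "255.255.255.255", ["SSH", "SNMP"]),
    ("198.51.100.0", "255.255.255.0", ["HTTP"]),
]
STATIONS = [("192.0.2.10", "SSH"), ("198.51.100.7", "HTTP"), ("203.0.113.5", "SNMP")]

if __name__ == "__main__":
    for line in lockout_warnings(parse_acl(PLAN), True, STATIONS):
        print("WARNING:", line)
```

The check covers only the protocols the ACL governs; UDP 123 and UDP 3087 are outside it, as stated above, and need to be handled separately.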
Managing the IP Access Control List (ACL)
The IP Access Control pane provides the following capabilities:
Enable/Disable the IP Access Control mechanism.
Manage (add, delete, ...) client IP addresses listed in the IP Access Control List (ACL),
along with their permitted connection protocols.