Quick Start
System Introduction
While improving enterprise efficiency dramatically, the Internet and network applications also bring negative effects. For example, sensitive data might suffer from potential security risks, and network resources are distributed irrationally. How to manage the network effectively to reduce such negative effects becomes an important problem that network administrators have to face.
ACL (Access Control List) controls network access by filtering packets that match specific ACL rules. ACL Management provides a friendly Web interface for you to perform operations simply and intuitively for access control.
Operation Guide
The workflow of ACL Management is as follows:
- Configure ACL resources in ACL Management to unify ACL management network-wide.
- Deploy the ACL resources to devices.
ACL Management comprises the following five components:
You can configure a single device or perform batch configuration for multiple devices.
- ACL resource
The ACL resource component is the core of ACL Management. An ACL resource, represented by the device ACL number or name, is an ACL that includes one or more rule sets. Each rule set is an ACL instance applied to a device. For example, ACL resource 2000 includes multiple rule sets that are assigned to different devices. That is, even if device A and device B are assigned the same ACL resource (ACL resource 2000), the rule sets applied to them might be different.
You can configure the following four types of ACL resources:
- Basic ACL resource
- Advanced ACL resource
- Layer 2 ACL resource
- Customized ACL resource
- ACL devices
To configure a device:
- Create an ACL resource.
- Deploy the ACL resource to the device.
- Create an ACL application and deploy it to the device. An ACL application defines the conditions under which the ACL resource is applied: the service, the interface/port, and the packet direction.
- View the history records of ACL definitions to see the historical versions of the ACL deployed to a specific device and to set a specific ACL configuration as the baseline.
- ACL deployment
With a friendly wizard, ACL Management enables you to:
The configuration takes effect after the ACL deployment is successful. In addition, ACL Management provides the following functions to facilitate task management and deployment:
The key aspects of an ACL rule include:
- ACL template
You can set ACL definitions as ACL templates, which can be exported as ACL resources. The four types of ACL templates are:
To enable reuse of an ACL template:
- In a basic ACL template, use a variable to set the source IP address of the ACL template.
- In an advanced ACL template, use variables to set the source and destination IP addresses, and the source and destination ports.
- In a Layer 2 ACL template, use variables to set the source and destination MAC addresses.
- Assistant management
The assistant management contains:
- Services are mnemonics for configuring source and destination ports in ACL templates. You can use a service to configure port variables, which imports the port configuration defined in the services and simplifies the configuration of port variables.
- Network address groups are mnemonics for configuring source and destination IP addresses in ACL templates. You can use network address groups to configure IP address variables, which simplifies the configuration of IP addresses.
- Time ranges are mnemonics for configuring time ranges. Typically they are used to set the active time of ACL rules. You can also use them to configure the time range of a single device to simplify the configuration of device time ranges.
These functions enable you to use variables in ACL templates.
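The following added example (not part of the product or its documentation) models how an advanced ACL template with variables, bound to network address groups and services, expands into a different rule set for each device under one ACL resource. All names, addresses, and the data layout (`ADDRESS_GROUPS`, `SERVICES`, `TEMPLATE`, `expand`, `build_resource`, the resource name `web-access`) are assumptions made for illustration and do not reflect the product's internal format.

```python
from dataclasses import dataclass
from ipaddress import ip_network
from itertools import product

# Constructed sample data: assistant-management mnemonics (illustrative only).
ADDRESS_GROUPS = {
    "branch-a-users": ["10.1.0.0/24", "10.1.1.0/24"],
    "branch-b-users": ["10.2.0.0/24"],
    "web-servers": ["192.0.2.10/32"],
}
SERVICES = {"web": [("tcp", 80), ("tcp", 443)]}

@dataclass(frozen=True)
class Rule:
    action: str
    protocol: str
    src: str
    dst: str
    dst_port: int

# Advanced ACL template: addresses and ports are variables, not literals.
TEMPLATE = [{"action": "permit", "src": "$SRC", "dst": "$DST", "service": "$SVC"}]

def expand(template, bindings):
    """Resolve template variables into one device's concrete rule set."""
    rules = []
    for entry in template:
        unbound = [entry[f] for f in ("src", "dst", "service") if entry[f] not in bindings]
        if unbound:
            # Refuse to produce a partial rule set for deployment.
            raise KeyError(f"unbound template variables: {unbound}")
        srcs = ADDRESS_GROUPS[bindings[entry["src"]]]
        dsts = ADDRESS_GROUPS[bindings[entry["dst"]]]
        ports = SERVICES[bindings[entry["service"]]]
        for src, dst, (proto, port) in product(srcs, dsts, ports):
            # ip_network() rejects malformed prefixes before they reach a device.
            rules.append(Rule(entry["action"], proto,
                              str(ip_network(src)), str(ip_network(dst)), port))
    return rules

def build_resource(name, template, per_device_bindings):
    """One ACL resource holds one rule set per device it is assigned to."""
    rule_sets = {dev: expand(template, b) for dev, b in per_device_bindings.items()}
    return {"name": name, "rule_sets": rule_sets}

RESOURCE = build_resource("web-access", TEMPLATE, {
    "device-A": {"$SRC": "branch-a-users", "$DST": "web-servers", "$SVC": "web"},
    "device-B": {"$SRC": "branch-b-users", "$DST": "web-servers", "$SVC": "web"},
})
```

Comparing the per-device rule sets before deployment shows exactly which source networks each device will permit, which is the review point when one resource is shared across devices.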
The following figure illustrates the relationship among the five components.

FAQ
For more information, see FAQ.
Typical Configuration Examples