Group-Based IP ACL (Access Control List)

Important: Exercise caution when using group-based IP access control. It is possible to be locked out of your Dominion KSX if your IP address is within a range that has been denied access.

This feature limits access to the Dominion KSX device by users in the selected group to specific IP addresses. This feature applies only to users belonging to a specific group, unlike the IP Access Control List feature that applies to all access attempts to the device, is processed first, and takes priority.

Important: The IP address 127.0.0.1 is used by the Dominion KSX Local Port and cannot be blocked.

Use the IP ACL section of the Group page to add, insert, replace, and delete IP access control rules on a group-level basis.

ip acl

To add (append) rules:

  1. Type the starting IP address in the Starting IP field.
  2. Type the ending IP address in the Ending IP field.
  3. Choose the action from the available options:
  4. Click Append. The rule is added to the bottom of the rules list. Repeat steps 1 through 4 for each rule you want to enter.

To insert a rule:

  1. Enter a rule number (#). A rule number is required when using the Insert command.
  2. Enter the Starting IP and Ending IP fields.
  3. Choose the action from the Action drop-down list.
  4. Click Insert. If the rule number you just typed equals an existing rule number, the new rule is placed ahead of the exiting rule and all rules are moved down in the list.

To replace a rule:

  1. Specify the rule number you want to replace.
  2. Type the Starting IP and Ending IP fields.
  3. Choose the Action from the drop-down list.
  4. Click Replace. Your new rule replaces the original rule with the same rule number.

To delete a rule:

  1. Specify the rule number you want to delete.
  2. Click Delete.
  3. When prompted to confirm the deletion, click OK.

Important: ACL rules are evaluated in the order in which they are listed. For instance, in the example shown here, if the two ACL rules were reversed, Dominion would accept no communication at all.

ruleexample

Tip: The rule numbers allow you to have more control over the order in which the rules are created.

See Also

Adding a New User Group

Setting Permissions

Setting Port Permissions

Setting Permissions for an Individual Group