Configuring IP Access Control

Using IP access control, you control access to your KX III. Note that IP access control restricts traffic of any kind from accessing the KX III, so NTP servers, RADIUS hosts, DNS hosts and so on must be granted access to the KX III.

By setting a global Access Control List (ACL) you are ensuring that your device does not respond to packets being sent from disallowed IP addresses. The IP access control is global, affecting the KX III as a whole, but you can also control access to your device at the group level. See Group-Based IP ACL (Access Control List) for more information about group-level control.

Important: IP address 127.0.0.1 is used by the KX III local port. When creating an IP Access Control list, 127.0.0.1 should not be within the range of IP addresses that are blocked or you will not have access to the KX III local port.

• To use IP access control:

1. Select Security > IP Access Control to open the IP Access Control page.
2. Select the Enable IP Access Control checkbox and the remaining fields on the page.
3. Choose the Default Policy. This is the action taken for IP addresses that are not within the ranges you specify.
   • Accept - IP addresses are allowed access to the KX III device.
   • Drop - IP addresses are denied access to the KX III device.

• To add (append) rules:

1. Type the IP address and subnet mask in the IPv4/Mask or IPv6/Prefix Length field.

   Note: The IP address should be entered using CIDR (Classless Inter-Domain Routing notation, in which the first 24 bits are used as a network address).

2. Choose the Policy from the drop-down list.
3. Click Append. The rule is added to the bottom of the rules list.

• To insert a rule:

1. Type a rule #. A rule # is required when using the Insert command.
2. Type the IP address and subnet mask in the IPv4/Mask or IPv6/Prefix Length field.
3. Choose the Policy from the drop-down list.
4. Click Insert. If the rule # you just typed equals an existing rule #, the new rule is placed ahead of the exiting rule and all rules are moved down in the list.

Tip: The rule numbers allow you to have more control over the order in which the rules are created.

• To replace a rule:

1. Specify the rule # you want to replace.
2. Type the IP address and subnet mask in the IPv4/Mask or IPv6/Prefix Length field.
3. Choose the Policy from the drop-down list.
4. Click Replace. Your new rule replaces the original rule with the same rule #.

• To delete a rule:

1. Specify the rule # you want to delete.
2. Click Delete.
3. You are prompted to confirm the deletion. Click OK.