Configuring IP ACLs for Restricting Access to Resources (CTPView Server Menu)
An access control list (ACL) is a sequential collection of permit and deny conditions that you can use to filter inbound or outbound routes. You can use different kinds of access lists to filter routes based on The router compares each route's IP address against the conditions in the list, one-by-one. If the first match is for a permit condition, the route is accepted or passed. If the first match is for a deny condition, the route is rejected or blocked. The order of conditions is critical because testing stops with the first match. If no conditions match, the router rejects or blocks the address; that is, the last action of any list is an implicit deny condition for all routes.
You can define an access list to permit or deny routes on the basis of the IP address or the range of IP addresses. Each access list is a set of permit or deny conditions (based on how they match a route's address) for a route. A zero in the wildcard mask means that the corresponding bit in the address must be exactly matched by the route. A one in the wildcard mask means that the corresponding bit in the address does not have to be matched by the route. You can also specify a range of IP addresses, by entering the starting IP address and the ending IP address in the range separated by a hyphen (-), if you want to enable or disallow traffic from a set of IP addresses.
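The first-match evaluation, implicit deny, wildcard-mask matching and hyphenated ranges described above can be modelled in a few lines. This is an added example, not CTPView code: the `ADDR WILDCARD` text form, all function names, and the sample rules are assumptions made for illustration. It also flags rules that can never be reached because an earlier rule already matches every address they cover.

```python
import ipaddress

M = 0xFFFFFFFF

def _ip(text):
    return int(ipaddress.IPv4Address(text.strip()))

def parse_rule(spec, permit):
    """'START-END' (inclusive range) or 'ADDR WILDCARD' (assumed text form)."""
    if "-" in spec:
        lo, hi = map(_ip, spec.split("-"))
        if lo > hi:
            raise ValueError(f"range start is after range end: {spec}")
        return ("range", lo, hi, permit)
    addr, wild = map(_ip, spec.split())
    return ("wild", addr, wild, permit)

def matches(rule, ip):
    kind, a, b, _ = rule
    n = _ip(ip)
    if kind == "range":
        return a <= n <= b
    care = ~b & M            # 0 bits in the wildcard mask must match exactly
    return (n & care) == (a & care)

def evaluate(acl, ip):
    """First match wins; returns (action, index of the deciding rule)."""
    for i, rule in enumerate(acl):
        if matches(rule, ip):
            return ("permit" if rule[3] else "deny", i)
    return ("deny", None)    # implicit deny when nothing matched

def covers(early, late):
    """True if every address matched by `late` is already matched by `early`."""
    (k1, a1, b1, _), (k2, a2, b2, _) = early, late
    if k1 == k2 == "range":
        return a1 <= a2 and b2 <= b1
    if k1 == k2 == "wild":
        return (b2 & ~b1 & M) == 0 and ((a1 ^ a2) & ~b1 & M) == 0
    return False             # mixed kinds are not analysed (conservative)

def shadowed(acl):
    """(later, earlier) index pairs where the later rule can never be reached."""
    return [(j, i) for j in range(len(acl)) for i in range(j)
            if covers(acl[i], acl[j])]

# Constructed sample rules (documentation address ranges, not from the page).
HOST_DENY = parse_rule("192.0.2.10 0.0.0.0", False)
NET_PERMIT = parse_rule("192.0.2.0 0.0.0.255", True)
RANGE_PERMIT = parse_rule("198.51.100.20-198.51.100.40", True)
ACL_GOOD = [HOST_DENY, NET_PERMIT, RANGE_PERMIT]
ACL_BAD = [NET_PERMIT, HOST_DENY, RANGE_PERMIT]   # same rules, deny placed too late
```

With `ACL_BAD`, the host that the deny rule targets is permitted by the broader rule ahead of it, and `shadowed(ACL_BAD)` reports the deny rule as unreachable.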
Best Practice: We recommend that you modify the IP ACLs during periods of relatively low traffic to minimize network disruptions and outages in processing packets.
Before you begin, log in to the CTPView server and access the CTPView Configuration Menu. See Accessing the CTPView Server Configuration Menu (CTPView Server Menu).
Note: You cannot use an SSH application to access the CTPView server until you have configured the server in your network and assigned it an IP address. See Configuring the Network Access (CTPView Server Menu).
To add, remove, or display IP ACLs:
- From the CTPView Configuration Menu, select 6) MySQL Functions.
- Select 6) IP ACL Function.
The IP ACL Function menu is displayed, which enables you to create a new ACL, delete a previously configured ACL, and view all the ACLs configured on your CTP device.
```
CTPView Configuration Menu

Please choose a menu item from the following list:

 0) Exit CTPView Configuration Menu
 1) Security Profile
 2) System Configuration
 3) Port Forwarding
 4) Advanced Functions
 5) Backup Functions
 6) MySQL Functions
 7) CTPView Access Functions
 8) GRUB Functions
 9) AAA Functions

Please input your choice [0]: 6

************************************************************
CTPView version 7.2R1-rc3 151120
Server: ctpview
Date: Mon Dec 7 06:00:20 2015
Release: CentOS release 5.11 (Final)
Kernel: 2.6.18-406.el5
User root logged in from 10.215.150.11 as root
+++++ ALL ACTIONS ARE LOGGED +++++
************************************************************

MySQL Menu

Please choose a menu item from the following list:

 0) Return to previous menu
 1) Change MySQL Administrator password
 2) Change MySQL Apache password
 3) Restart MySQL Server
 4) Initialize Web UI Template Accounts
 5) IP ACL Function
 6) Upgrade Database Structures

Please input your choice [0]: 5

************************************************************
CTPView version 7.2R1-rc3 151120
Server: ctpview
Date: Mon Dec 7 06:00:23 2015
Release: CentOS release 5.11 (Final)
Kernel: 2.6.18-406.el5
User root logged in from 10.215.150.11 as root
+++++ ALL ACTIONS ARE LOGGED +++++
************************************************************

IP ACL Function Menu

Please choose a menu item from the following list:

 0) Return to previous menu
 1) Add
 2) Remove
 3) Show

Please input your choice [0]: 1

Enter the IP or IP range[e.g 10.0.1-23.*]: 1.2.3.4

Specify the permission
 0) Deny
 1) Allow

Please input your choice [0]: 0

IP range/ IP address added successfully...
Hit return to continue...
```
- Select 1) Add
- Follow the onscreen instructions and configure the options as described in Table 1.
Table 1: Creating an IP ACL

| Field | Function | Your Action |
|---|---|---|
| Enter the IP or IP range [e.g 10.0.1-23.*] | Specifies the IP address or a pool of IP addresses from which you want to enable or disallow traffic. | Specify an IP address in the format a.b.c.d/xx, where xx is the subnet prefix, or an IP address range in the format of starting-address - ending-address, with the starting and ending IP addresses separated by a hyphen (-). |
| Specify the permission | Specifies whether you want to enable or deny traffic from the specified IP address or range of addresses. | Select 0) Deny to cause the CTP device to drop traffic arriving from the specified IP address. Select 1) Allow to cause the CTP device to allow traffic arriving from the specified IP address. Specify rtn to set the interface that is prompted by the system to be specified as the default IPv4 circuit device. For example, if the prompt displays (rtn for eth1), and if you specify rtn, eth1 is set as the default circuit device. |
- Press Enter to proceed to the next step of removing any of the configured IP ACLs. The IP ACL Function menu is displayed.
- Select 2) Remove. The IP address ranges or IP addresses for which you previously configured ACLs are displayed.
```
************************************************************
CTPView version 7.2R1-rc3 151120
Server: ctpview
Date: Mon Dec 7 06:01:04 2015
Release: CentOS release 5.11 (Final)
Kernel: 2.6.18-406.el5
User root logged in from 10.215.150.11 as root
+++++ ALL ACTIONS ARE LOGGED +++++
************************************************************

IP ACL Function Menu

Please choose a menu item from the following list:

 0) Return to previous menu
 1) Add
 2) Remove
 3) Show

Please input your choice [0]: 2

Current listing of IP range :

 0) Return to previous menu
 1) *.*.*.*
 2) 1.2.3.4
 3) 78.34.3.2

Please input your choice [0]:2

IP range/ IP address removed successfully...
Hit return to continue...
```
- From the list of IP addresses displayed, select a number pertaining to your choice. Enter the number next to the Please input your choice [0] field. If you select 0, you are returned to the previous menu.
After you enter a number pertaining to your choice in the menu, a confirmation message is displayed stating that the selected IP address or range is successfully deleted.
- Press Enter to proceed to the next step of viewing all the configured IP ACLs. The IP ACL Function menu is displayed.
- Select 3) Show. All the configured IP addresses and their corresponding permissions are displayed. The access modifier or permission of 1 denotes permit, and 0 denotes deny.
```
************************************************************
CTPView version 7.2R1-rc3 151120
Server: ctpview
Date: Mon Dec 7 06:01:14 2015
Release: CentOS release 5.11 (Final)
Kernel: 2.6.18-406.el5
User root logged in from 10.215.150.11 as root
+++++ ALL ACTIONS ARE LOGGED +++++
************************************************************

IP ACL Function Menu

Please choose a menu item from the following list:

 0) Return to previous menu
 1) Add
 2) Remove
 3) Show

Please input your choice [0]: 3

All database entries:
+-----------+------------+
| iprange   | permission |
+-----------+------------+
| *.*.*.*   | 1          |
| 78.34.3.2 | 0          |
+-----------+------------+
Hit return to continue...
```
Related Documentation
- CTPOS and CTPView Software Password Requirements
- Configuring the CTPView Administrative Settings
- Changing Passwords to Improve Access Security