Documentation Version: er2.0.28-docs-1.1

Access Control List

Access Control Lists allows you to limit access to ER2 from specific IP addresses.

Configure three access control lists:

The lists use CIDR (Classless Inter-Domain Routing) notation to define IP address ranges.

For example, allowing connections from IP address range 10.0.2.0/24 will allow traffic from IP address 10.0.2.0 – 10.0.2.255.

Configure the Access Control List:

  1. On the USERS AND SECURITY > ACCESS CONTROL LIST page, go to the access control list you want to restrict.
  2. In the access control list that you want to change, enter the range of IP addresses and click +Add. A list of the IP address range you added is displayed under its respective access control list.
    Resolution order

    The range of IP address entered displays under its respective access control list section.

    IP address ranges defined in these lists are resolved from top to bottom. If an IP address falls under two defined rules, the top-most rule takes precedence.

    For example, the following rules:

    1) 10.0.2.56 => Deny
    2) 10.0.2.0 – 10.0.2.128 => Allow
    3) 10.0.2.0 – 10.0.2.255 => Deny
    resolve as: 10.0.2.56 => Deny
    10.0.2.0 – 10.0.2.55 => Allow
    10.0.2.57 – 10.0.2.128 => Allow
    10.0.2.129 – 10.0.2.255 => Deny
  3. For each IP address range added, you can
    • Change the rule's Access state from "Allow" to "Deny" and vice-versa.

    • Remove specific rules.

    • Clear All to remove all rules for that access control list.

  4. To save changes to the rules, click Apply changes.