Access Lists - Colubris Networks CN3000 Administrator's Manual

Chapter 7 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Customizing CN3000 and customer settings - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 7

Access lists

Access lists enable you to create public areas on your network that all customers can
browse, and protected areas that are restricted to specific customer accounts or groups.
Each access list is a set of rules that governs how the CN3000 controls access to
network resources. You can create multiple access lists, each with multiple rules to
manage the traffic on your public access network.
Default setting
By default no access lists are defined. This means that:
• Unauthenticated customers cannot reach any network resources other than the
• Authenticated customer have access to any network resource connected to the
How access lists work
Each customer and each access point can be associated with its own access list.
Incoming traffic cascades through the currently active lists. Traffic that is accepted or
denied by a list is not available to the list that follows it. Traffic that passes through all
lists without being accepted or denied is dropped.
Note: The white list is a less-powerful version of the access list that is maintained for
compatibility with previous releases. Its functionality is completely superseded by the
access list feature. The access list feature should be used in its place.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 153 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
CN3000 login page.
CN3000's Internet port.
Customer session
Site Profile Access List
DENY NO MATCH
White List
NO MATCH
Unauthenticated
Customer Profile Access List
DENY NO MATCH
Dropped
ACCEPT
ACCEPT
Authenticated and no
user access list exists
Authenticated and
an access list exists
ACCEPT
Internet port