IP Access Control Lists (IP ACLs) is a packet filtering object that is applied to incoming IP packets on the SBC. This object protects the system from a variety of network-borne attacks.
Use IP ACLs to specify rules to permit or deny packets into SBC. The IP ACL can optionally pass the traffic but at only a certain policed rate.
When you create an IP ACL rule, its state defaults to "
disabled". Change the state to "
enabled" to active the rule.
The maximum number of ACLs that can be configured in SBC is 11,264.
When a user creates a new management group the user must add user defined ACL rules to get the equivalent rules that are set up for the default management group.
The SBC 52x0 and SBC 7000 systems support creating IP Interface Groups containing sets of IP interfaces that are not "processor friendly" (i.e. carried on physical Ethernet ports served by separate processors). However, restrictions exist regarding the usage of such Interface Groups.
(This ability does not apply to the SBC 51x0 and SBC 5400 systems which have only two physical media ports. IP interfaces from the two physical ports may be configured within the same IP Interface Groups without restriction.)
For complete details, refer to Configuring IP Interface Groups and Interfaces.