
Allow Specific Subnet

This ACL allows only the listed subnet(s) to access the network. The mask defines the scope of the permitted subnet. The following ACL ensures that only the 192.168.122.x subnet can send messages upstream. It requires a Default Deny VLAN so that all other traffic is dropped; this ACL then permits access for hosts in the configured subnet. This prevents users from using IP addresses in other subnets or defining a static IP address outside the allowed subnet.

Allow Specific Subnet Procedure

  1. Open a Panorama PON (EMS) session, click on the Profile icon button and the ACL tab.
  2. Select the EMS ACL "Create a new profile" icon and name the ACL profile "Allow Specific Subnet-1".
  3. Click on the Create Rule button and perform the following steps:


     

Step 1: Enter "Subnet-X-Only" in the Filter Name: entry box

Step 2: Select "Basic ACL" from the ACL Type: Dropdown

Step 3: Select "Permit" from the Action: Dropdown

Step 4: Select "Any Mac(s)" from the SourceMAC(s): dropdown

Step 5: Click on the Add button to add the MAC address and bit count to the Source Mac(s) window

Step 6: Select the MAC address entry in the Source Mac(s) window

Step 7: Enter "1" in the Max MAC(s) entry box

Step 8: Enter "1" in the Max IPs Per MAC entry box

Step 9: Enter the IP address "192.168.122.0" in the Bound SRC IP(s): entry box

Step 10: Add "Bit count: 24" in the Bound SRC IP(s): entry box

Step 11: Click on the Add button to add the Bound SRC IP(s) and bit count to the Bound SRC IP(s):  window

Step 12: Click on the Save button to save the rule profile

  4. Click on the Apply button to add the ACL profile to the Profile Name window list.
  5. After the Profile has been generated, the ACL status is displayed. Click on the Close button to complete the ACL profile.
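The match this rule describes can be checked offline before the profile is applied. The following is an added example, not vendor code: it assumes the rule compares the leading "bit count" bits of a source IP against the Bound SRC IP(s) entry and that anything unmatched falls through to the Default Deny VLAN. Function names and the sample host list are constructed for illustration.

```python
import ipaddress

# (Bound SRC IP, bit count) pairs as entered in Steps 9-10 of the procedure.
PERMITTED = [("192.168.122.0", 24)]


def to_int(ip):
    """Convert a dotted-quad IPv4 address to a 32-bit integer."""
    return int(ipaddress.IPv4Address(ip))


def mask(bits):
    """Build the 32-bit netmask for a bit count (24 -> 0xFFFFFF00)."""
    return (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF


def check_entry(base, bits):
    """True when the entry has no host bits set for its bit count.

    A False result means the address and bit count disagree, for example
    192.168.122.0 entered with bit count 16, which widens the permitted scope.
    """
    return (to_int(base) & ~mask(bits) & 0xFFFFFFFF) == 0


def evaluate(src_ip, permitted=PERMITTED):
    """Return 'permit' if src_ip is in any bound subnet, else 'deny'.

    The 'deny' result models the Default Deny VLAN (an assumption about
    how unmatched traffic is handled).
    """
    src = to_int(src_ip)
    for base, bits in permitted:
        m = mask(bits)
        if (src & m) == (to_int(base) & m):
            return "permit"
    return "deny"


def audit(hosts, permitted=PERMITTED):
    """Map each observed source IP to the decision the rule would make."""
    return {ip: evaluate(ip, permitted) for ip in hosts}


# Constructed sample: one DHCP-assigned host, one static IP set in a
# neighbouring subnet, and one address from an unrelated range.
SAMPLE_HOSTS = ["192.168.122.57", "192.168.123.10", "10.0.0.5"]

if __name__ == "__main__":
    for ip, decision in audit(SAMPLE_HOSTS).items():
        print(f"{ip:16} {decision}")
```

Running `check_entry` on each address and bit count pair before saving the rule catches a bit count that is shorter than intended, which would otherwise permit neighbouring subnets.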

 

