Comment: Migrated to Confluence 5.3

...

remark - allow HTTP from world to instance LAX1:210
permit tcp any host 68.67.169.12 eq 80
remark - allow 40000-41000 ports from VLAN LAX1:2071 (subnet of 256 IPs)
permit udp 64.208.138.0 0.0.0.255 any range 40000 41000
remark - allow SSH from world
permit tcp any any eq 22
remark - allow all traffic (all source and destination ports) from 1.2.3.4 to the whole VLAN
permit tcp 1.2.3.4 any

Manage-vlan Tool

Formerly, ACLs were set and modified through the AppNexus support team. Now you can set and modify them yourself using parameters in the manage-vlan CLI tool:

...

In addition to ACEs, you can place remarks (comments) in ACLs. Remarks are usually used to document the ACL and make it easier to understand. For example:

remark - allow SSH from world
permit tcp any any eq 22

(warning) Note that if you need to open SNMP to your instances/VLANs from beyond the AppNexus network, it is not enough to open port 161 via manage-vlan, as we also need to open an ACL on our border routers as well. Please open a Support ticket requesting this.

(warning) NOTE: The set-acl and append-acl commands will validate ACEs for syntactical correctness, but will not look at the overall ACL to see if it makes functional sense. Processing of ACLs stops when an ACE/rule is matched.
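
Because processing stops at the first matching ACE and the tool only checks syntax, an ACE that an earlier ACE fully covers never takes effect. The following sketch is an added example, not part of manage-vlan: it parses ACEs in the syntax shown above and reports such shadowed entries. It assumes a `deny` action exists (the page shows only `permit`), treats a bare address as a single host, and compares only ACEs of the same protocol.

```python
from ipaddress import IPv4Address

def _addr(tok):
    """Consume one address spec; return (base, wildcard) as 32-bit ints."""
    t = tok.pop(0)
    if t == "any":
        return (0, 0xFFFFFFFF)
    if t == "host":
        return (int(IPv4Address(tok.pop(0))), 0)
    # "addr wildcard" pair; a bare address is treated as one host (assumption)
    wild = int(IPv4Address(tok.pop(0))) if tok and tok[0][0].isdigit() else 0
    return (int(IPv4Address(t)) & ~wild & 0xFFFFFFFF, wild)

def parse_ace(line):
    tok = line.split()
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = _addr(tok), _addr(tok)
    ports = (0, 65535)  # no port clause: every destination port
    if tok and tok[0] in ("eq", "range"):
        ports = (int(tok[1]), int(tok[-1]))
    return dict(action=action, proto=proto, src=src, dst=dst, ports=ports, text=line)

def _covers(outer, inner):
    """True if every address inner matches is also matched by outer."""
    (ob, ow), (ib, iw) = outer, inner
    return (iw & ~ow) == 0 and ((ob ^ ib) & ~ow) == 0

def shadowed(acl_lines):
    """Return (later, earlier, kind) for each ACE an earlier ACE fully covers."""
    aces = [parse_ace(l) for l in acl_lines if l.strip() and not l.startswith("remark")]
    found = []
    for i, later in enumerate(aces):
        for earlier in aces[:i]:
            (elo, ehi), (llo, lhi) = earlier["ports"], later["ports"]
            if (earlier["proto"] == later["proto"] and elo <= llo and lhi <= ehi
                    and _covers(earlier["src"], later["src"])
                    and _covers(earlier["dst"], later["dst"])):
                kind = "redundant" if earlier["action"] == later["action"] else "conflict"
                found.append((later["text"], earlier["text"], kind))
                break  # first match wins, so the first covering ACE is the one that fires
    return found

# Constructed sample. "deny" is an assumption: the page shows only permit ACEs.
SAMPLE = ["remark - allow SSH from world", "permit tcp any any eq 22",
          "deny tcp 1.2.3.4 any eq 22",
          "permit udp 64.208.138.0 0.0.0.255 any range 40000 41000",
          "permit udp host 64.208.138.7 any eq 40500"]
for hit in shadowed(SAMPLE):
    print(hit)
```

A "conflict" result means the later ACE's action differs from the ACE that actually matches, so the ACL does not do what its author intended; "redundant" entries are harmless but can be removed.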