Configuring Access Restriction
Use the information in this topic to view or change the settings that block access from IP addresses or MAC addresses to the XClarity Controller.
Click Network under BMC Configuration to view or modify XClarity Controller access control settings.
Address Restriction
Incoming network addresses are restricted using the Allow List as first priority and the Block List as second priority. If an address is added to the Allow List, the Block List entries are ignored. If no address is found in the Allow List, the Block List entries are effective. Configuration changes take effect immediately when they are applied.
Allow List
This option allows you to restrict incoming network access to specific IP addresses.
List of Allowed IP Addresses
You can enter up to five IPv4 addresses or ranges and three IPv6 addresses or ranges separated by commas, which are allowed to access the XClarity Controller. Refer to the examples below:
IPv4 address format: 192.168.100.200
IPv6 address format: fe80::3a7c:76ff:fe94:44f9, 3ffe:2001:a32b::2
IPv4 address with subnet: 10.245.35.0/24
IPv6 address with prefix: 3ffe:2001:a32b:1234::/126
IPv4 address ranges: 169.254.95.100-169.254.95.105
IPv6 address ranges: 3ffe:2001::02-3ffe:2001::03
Block List and Time Restriction
These options allow you to block specific IP or MAC addresses for a specific period of time.
List of Blocked IP Addresses
You can enter up to three IPv4 addresses or ranges and three IPv6 addresses or ranges separated by commas, which are not allowed to access the XClarity Controller. Refer to the IPv4 examples below:
Single IPv4 address sample: 192.168.1.1
Supernet IPv4 address sample: 192.168.1.0/24
IPv4 range sample: 192.168.1.1-192.168.1.5
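The following Python sketch is an added example, not Lenovo code or XClarity Controller firmware logic. It parses the entry formats listed above and checks whether a given management address would still be permitted, which is worth confirming before a change is applied. It assumes the precedence rule means that a non-empty Allow List is evaluated alone and that the Block List applies only when the Allow List is empty; all function names are hypothetical.

```python
import ipaddress

# Entry limits per list as stated on this page: {IP version: max entries}.
ALLOW_LIMITS = {4: 5, 6: 3}
BLOCK_LIMITS = {4: 3, 6: 3}


def parse_entry(entry):
    """Turn one list entry into an inclusive (first, last) address pair."""
    entry = entry.strip()
    if "/" in entry:                       # subnet or prefix, e.g. 10.245.35.0/24
        net = ipaddress.ip_network(entry, strict=False)
        return net[0], net[-1]
    if "-" in entry:                       # range, e.g. 169.254.95.100-169.254.95.105
        first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if first.version != last.version or first > last:
            raise ValueError(f"bad range: {entry}")
        return first, last
    addr = ipaddress.ip_address(entry)     # single address
    return addr, addr


def parse_list(text, limits):
    """Parse a comma-separated list and enforce the per-family entry limits."""
    spans = [parse_entry(e) for e in text.split(",") if e.strip()]
    for version, limit in limits.items():
        count = sum(1 for first, _ in spans if first.version == version)
        if count > limit:
            raise ValueError(f"too many IPv{version} entries: {count} > {limit}")
    return spans


def in_list(addr, spans):
    return any(f.version == addr.version and f <= addr <= l for f, l in spans)


def is_permitted(client, allow_text="", block_text=""):
    """Assumed reading of the precedence rule: a non-empty Allow List decides
    alone (Block List ignored); an empty Allow List leaves the Block List in force."""
    addr = ipaddress.ip_address(client)
    allow = parse_list(allow_text, ALLOW_LIMITS)
    block = parse_list(block_text, BLOCK_LIMITS)
    if allow:
        return in_list(addr, allow)
    return not in_list(addr, block)


if __name__ == "__main__":
    print(is_permitted("10.245.35.17", allow_text="10.245.35.0/24"))  # constructed client
```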
List of Blocked MAC Addresses
You can enter up to three MAC addresses separated by commas, which are not allowed to access the XClarity Controller. For example: 11:22:33:44:55:66.
Restricted Access (one time)
You can schedule a one-time time interval during which the XClarity Controller cannot be accessed. For the time interval that you specify:
The beginning date and time must be later than the current XCC time.
The ending date and time must be later than the beginning date and time.
Restricted Access (daily)
You can schedule one or more daily time intervals during which the XClarity Controller cannot be accessed. For each time interval that you specify:
The ending date and time must be later than the beginning date and time.
Externally Triggered Block List
These options allow you to set up automatic blocking of specific IP addresses (IPv4 and IPv6) from which a client has successively attempted to log in to the XClarity Controller with different incorrect user names or passwords.
Automatic blocking dynamically determines when excessive login failures occur from a particular IP address and blocks that address from accessing the XClarity Controller for a predetermined amount of time.
Maximum number of login failures from a particular IP
This value is the number of login failures with an incorrect password that are allowed from a specific IP address before that address is locked out.
If set to 0, the IP address will never be locked due to login failures.
The failed login counter for the specific IP address is reset to zero after a successful login from that IP address.
Lockout period for blocking an IP
The minimum amount of time (in minutes) that must pass before a user can attempt to log in again from a locked IP address.
If set to 0, access from the locked IP address remains blocked until the administrator explicitly unlocks it.
Block List
The Block List table displays all locked IP addresses. You can unlock one or all IP addresses from the Block List.