
Creating Named ACLs

Depending on how you plan to use a named ACL and which access control types an operation supports, you can add IP addresses, networks, or both when you define a named ACL. You can also add an existing named ACL as a nested ACL to a new or an existing named ACL.

When configuring a named ACL, ensure that you define it correctly for the intended operations using the supported access control types.

To create a named ACL, complete the following:

  1. From the Infoblox Portal, click Configure > DNS > Access Control Lists > Create Named ACL.
  2. On the Create Named ACL page, specify the following:
    • Name: Enter a name for the named ACL.  
    • Description: Enter additional information about the named ACL.
    • List: Click Add to add a named ACL or click Remove to delete the entry. Choose one of the following access control types from the drop-down list in the TYPE column. Depending on your selection, the application adds a row to the table directly or expands the panel before adding a row:
      • IP Address: Select this option to add an IPv4/IPv6 address. Click the VALUE field and enter the IPv4/IPv6 address. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.
      • Network: When you choose this, enter the IPv4/IPv6 network address in the VALUE field, specify the netmask, and then choose Allow or Deny from the PERMISSION drop-down list.
      • Named ACL: When you choose this, the application displays the list of Named ACLs in the drop-down list. Choose the named ACL you want to add to the new ACL. If you have only one existing named ACL, the application automatically adds the named ACL to the list. The selected named ACL becomes a nested ACL in the newly created named ACL.
      • Any Address/Network: Choose this option to allow or deny permission for any address and network. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.
      • TSIG: Select this option to use a TSIG key, either a new key or an existing one. For more information, see Configuring TSIG Keys. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list. Configure the following:
        • New TSIG: Choose this option to create a new TSIG key. Configure the following for a new TSIG key:
          • Key Name: Specify a name for the key.
          • Algorithm: Choose one of the following algorithms from the drop-down: HMAC-MD5, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384, and HMAC-SHA512.
          • Secret: Specify a value for the secret. The value must be a Base64 encoded string. Alternatively, click Generate to automatically generate a unique value.
          • Description: Specify a description for the key.
        • Existing TSIG: Select an existing TSIG Key from the drop-down. 
    • Tags: For information about tags, see Managing Tags.
  3. Click Save & Close to save the record and close the dialog.
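
The Secret field in step 2 accepts any Base64 string, so a short or human-chosen value is accepted as readily as a random one. The following added example (not Infoblox code) generates a secret locally and checks a candidate before it is pasted into the field. The function names, the rule that the secret should be at least as long as the HMAC output, and the printable-text heuristic are assumptions of this example; the algorithm guidance comes from RFC 8945.

```python
import base64
import binascii
import secrets

# HMAC output size in bytes for each algorithm in the Algorithm drop-down.
DIGEST_BYTES = {
    "HMAC-MD5": 16, "HMAC-SHA1": 20, "HMAC-SHA224": 28,
    "HMAC-SHA256": 32, "HMAC-SHA384": 48, "HMAC-SHA512": 64,
}
# RFC 8945 lists HMAC-MD5 as "MUST NOT" use and HMAC-SHA1 as "NOT RECOMMENDED".
DISCOURAGED = {"HMAC-MD5", "HMAC-SHA1"}


def generate_tsig_secret(algorithm="HMAC-SHA256"):
    """Return a Base64 secret holding as many random bytes as the HMAC output."""
    raw = secrets.token_bytes(DIGEST_BYTES[algorithm])  # CSPRNG, not random()
    return base64.b64encode(raw).decode("ascii")


def check_tsig_secret(secret, algorithm):
    """Return a list of problems; an empty list means nothing was flagged."""
    if algorithm not in DIGEST_BYTES:
        return ["unknown algorithm: " + algorithm]
    problems = []
    if algorithm in DISCOURAGED:
        problems.append(algorithm + " is discouraged by RFC 8945")
    try:
        # validate=True rejects whitespace and characters outside the alphabet
        raw = base64.b64decode(secret, validate=True)
    except (binascii.Error, ValueError):
        return problems + ["secret is not valid Base64"]
    need = DIGEST_BYTES[algorithm]
    if len(raw) < need:
        problems.append("secret is %d bytes, shorter than the %d-byte HMAC output"
                        % (len(raw), need))
    # Heuristic (assumption): random bytes are almost never all printable ASCII.
    if raw and all(32 <= b < 127 for b in raw):
        problems.append("secret decodes to printable text, likely a passphrase")
    return problems


if __name__ == "__main__":
    key = generate_tsig_secret("HMAC-SHA256")
    print(key, check_tsig_secret(key, "HMAC-SHA256"))
    # Constructed weak input: Base64 of the word "password"
    print(check_tsig_secret("cGFzc3dvcmQ=", "HMAC-SHA256"))
```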