User ACL for Upper Registration
User ACL for Upper Registration is a feature that allows you to restrict upper registration for individual users based on the location the user registers from.
Generating Zone Information
We first need to define the zoning.
Create a User ACL Zone file in csv format:
In the above example, the first line contains the field names, which must match the example above.
Each line after that defines a zone with a zone name and an IP list, separated by a comma. Only one line per zone is allowed.
The IP list contains one or more <IP>/<Prefix_size> entries, separated by a '|' character.
The zone file must be named with .csv extension.
Generating User Information
We then need to define the ACL users.
Create a User ACL file in csv format:
In the above example, the first line contains the field names, which must match the example above.
Each line after that defines the ACL information for one user with a user name, domain name and zone name; all fields are separated by commas. Each user in a domain can only be defined once.
The Zone name used here must match an entry in the Zone file with the same Zone name.
The User ACL file must be named with .csv extension.
Submitting the ACL Zone file
Go to "Configuration" -> "IP Settings" -> "Access Control List"
Click the "Upload" button under the ACL Zone File section:
Select the Zone file created above:
Verify the file name and the number of entries, then click "Save".
The submitted file will be displayed.
Submitting the User ACL file
Go to "Configuration" -> "IP Settings" -> "Access Control List"
Click the "Upload" button under the User ACL File section:
Verify the file name and the number of entries, then click "Save".
The submitted file will be displayed.
Apply the changes from the WebUI.
If this is an initial setup for User ACL, please restart the "Netborder Session Controller" service from "Overview" -> "Dashboard" -> "Control Panel".
If you are adding an additional Zone file for a User ACL file with User ACL previously configured, restarting "Netborder Session Controller" is not necessary.
User ACL configuration is now complete.
Expected Behavior
Once a Zone file and a User ACL file are uploaded, User ACL checking is turned ON. When a Registration is received and the requested Domain is configured to forward the registration, the SBC first checks the User ACL before forwarding. If the user is found under a domain in the User ACL database (which is the information submitted above), the SBC checks the source IP of the Registration: if it is within the IP range described by the Zone IP list for that user, the Registration is forwarded; otherwise, the Registration is rejected. If no entry is found for that user in the User ACL database, the Registration is forwarded.
Query from Dialplan
In addition, the user can query the ACL database from the dialplan as follows:
    <action application="set" data="api_result=${user_acl(1234 domain1 10.10.2.22)}"/>
In the example above, if 10.10.2.22 is within the IP range defined for user 1234 in domain1, the variable api_result will contain the value "true".
If the IP falls outside of the IP list range, the variable api_result will contain the value "false".
If no entry is found for user 1234 in domain1, no ACL is defined for the user, and the variable api_result will contain the value "true".
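The decision described under Expected Behavior, and the true/false result of the dialplan query, can be checked before upload with a small script. This is an added example, not code from the product: it parses constructed sample files, enforces the one-line-per-zone, one-entry-per-user and matching-zone-name rules, and evaluates a registration. The header names and sample zones are placeholders; only the column order stated above is assumed.

```python
import csv, io, ipaddress

# Constructed sample files. Header names are placeholders (the product's
# required field names are not reproduced here); only column order is used.
ZONES_CSV = """zone_name,ip_list
office,10.10.2.0/24|192.168.5.0/28
branch,172.16.0.0/16
"""
USERS_CSV = """user,domain,zone_name
1234,domain1,office
5678,domain1,branch
"""

def _rows(text):
    # Drop the header line and any empty lines.
    return [r for r in csv.reader(io.StringIO(text)) if r][1:]

def load_zones(text):
    """Zone name -> list of networks; rejects duplicate zones and bad prefixes."""
    zones = {}
    for name, ip_list in _rows(text):
        if name in zones:
            raise ValueError(f"zone {name!r} defined more than once")
        # ip_network is strict by default, so an entry with host bits set
        # (e.g. 10.10.2.22/24) is rejected. That strictness is this checker's choice.
        zones[name] = [ipaddress.ip_network(e.strip()) for e in ip_list.split("|")]
    return zones

def load_users(text, zones):
    """(user, domain) -> zone name; rejects duplicates and unknown zones."""
    users = {}
    for user, domain, zone in _rows(text):
        if (user, domain) in users:
            raise ValueError(f"{user}@{domain} defined more than once")
        if zone not in zones:
            raise ValueError(f"{user}@{domain} references unknown zone {zone!r}")
        users[(user, domain)] = zone
    return users

def registration_allowed(user, domain, src_ip, users, zones):
    """Mirror of the documented decision: unlisted users are not restricted."""
    zone = users.get((user, domain))
    if zone is None:
        return True  # no ACL entry for this user in this domain: forwarded
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in zones[zone])

ZONES = load_zones(ZONES_CSV)
USERS = load_users(USERS_CSV, ZONES)
```

Because a user with no entry is always forwarded, the User ACL file restricts only the users it lists; any account that should be location-bound needs its own line.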