How to configure ACL with respect to Port numbers and Protocols in NetSim? : NetSim Support Portal

If you have a CBR and a Voice application configured between the same two nodes, CBR follows TCP and Voice follows UDP.

So you can block Voice packets by blocking UDP protocol. This is one quick and easy way of blocking protocol based packets as shown below:

To block packets based on applications you can use port numbers. The port numbers are by default set to 0 but can be modified as per the requirement.

For example, if you have CBR and HTTP configured between two same nodes, both applications may be running TCP.

So to block only CBR-related packets and block HTTP, run simulation once without ACL. Go to TCP Metrics table in the Simulation Results window and enabled the detailed view checkbox as shown below:

Compare results with Application Metrics window to identify the rows in TCP Metrics table that is relevant to CBR Application based on number of packets sent and received:

Identify the port numbers for source and destination from the entry in the TCP Metrics table. In this case, the source node 2 uses port number 82 and destination node 3 uses the port number 36934. These port numbers will not change for this network scenario in subsequent runs.

Steps to configure ACL:

1. Since TCP is involved in both HTTP and CBR add an entry in ACL to block all TCP protocol based packets as shown below:

2. Add an entry to allow traffic between the source port 82 and destination port 36934 to allow TCP segments exchanged between Node 2 and 3 as part of the CBR Application configured, as shown below:

3. Add an entry to allow traffic between the source port 36934 and destination port 82 to allow TCP segments exchanged between Node 3 and 2 as part of the CBR Application configured, as shown below:

4. Move the entry added to Deny TCP traffic to the end of the list using the down button in-order to allow CBR packets and block only the HTTP packets as shown below:

NOTE: NetSim UI has limits for the entries to be added in the text box. Hence port number 36934 cannot be entered in the Source/ Destination port fields. Please enter the port number via the Router_1_Firewall.txt file as shown below:

5. Click on the Accept button to save the configuration done in the ACL window.

6. Run the simulation and check the results in the Application Metrics table of the Simulation Results window.

You will be able to observe that CBR packets are allowed whereas HTTP packets are blocked at the router based on the ACL configuration done.

what-are-the-access-control-list-options-in-netsim-and-where-is-the-code-for-this-

how-to-configure-acl-with-respect-to-port-numbers-and-protocols-in-netsim-

How to configure ACL with respect to Port numbers and Protocols in NetSim? Print

Related Articles