Page tree
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 11 Next »


User ACL for Upper Registration is a feature that allows you to restrict upper registration for individual user based on the location where the user register from.


Generating Zone Information

We first need to define the zoning. 

Create a User ACL Zone file in csv format:

In the above example, the first line are field names that must be matched with the example above.

Each lines after is a definition of a zone with a zone name and a IP list, separated by comma. Only one line per zone is allowed.

IP list contains one or more <IP>/<Prefix_size>, separated by a '|' character.

The zone file must be named with .csv extension.


Generating User Information

We then need to define ACL User.

Create a User ACL file in csv format:

In the above example, the first line are field names that must be matched with the example above.

Each lines after is a definition of user ACL information with a user name, domain name and zone name, all fields are separated by comma. Each user in a domain can only defined once.

The Zone name used here mush match with an entry in the Zone file with the same Zone name.

The User ACL file must be named with .csv extension.


Submitting the ACL Zone file

Go to "Configuration" -> "IP Settings" -> "Access Control List"

Click the "Upload" button under the ACL Zone File section:



Select the Zone file created above:


Verify file name and the number of entries, then click "Save".


The submitted file will be displayed.


Submitting the User ACL file

Go to "Configuration" -> "IP Settings" -> "Access Control List"

Click the "Upload" button under the User ACL File section:


Verify file name and the number of entries, then click "Save".


The submitted file will be displayed.


Apply the changes and restart "Netborder Session Controller" service from 

"Overview" -> "Dashboard" -> "Control Panel"

User ACL configuration is now completed.


Expected Behavior

Once a Zone file and a User ACL file is uploaded, User ACL checking is turned ON. When an Registration is received and the requested Domain is configured to forward the registration. SBC will first check User ACL before forwarding. If the user is found under a domain in the User ACL database (which is the information submitted above), SBC will check the source IP of the Registration, if it is within the IP range described by the Zone IP list for that user, the Registration will be forwarded. Otherwise, the Registration will be rejected. If no entry is found for that user in the User ACL database, the Registration will be forwarded.


Query from Dialplan

In addition, user can query the ACL database from the dialplan as follow:

        <action application="set" data="api_result=${user_acl(1234 domain1 10.10.2.22)}"/>

In the example above, if 10.10.2.22 is within the IP range defined for user 1234 in domain1, variable api_result will contain the value "true".

If the IP falls outside of the IP list range or no entry is found for user 1234 in domain1, variable api_result will contain the value "false".


  • No labels