AKCP SP+ User manual
www.AKCP.com
SP+ Network Access Control
Manual
Copyright © 2021, AKCP
SP+ Network Access Control Manual
- 2 -
Introduction
The Network Access Control (NAC) is a new feature for SP+ F7 and H7 units, starting with firmware
5605.
It is an incoming packet filter (network firewall) which supports low-level filtering of all IPv4 and IPv6
traffic.
Turning on the NAC feature affects all incoming open ports and all network interfaces on the unit
(Ethernet and modem). The outgoing network traffic is not affected.
NAC has two modes: whitelist or blacklist.
In blacklist mode, you can block certain IP addresses or address ranges from accessing the unit in
any way.
In whitelist mode, ONLY the allowed IP addresses can connect to the unit, and any other IPs will be
blocked. Therefore, this mode must be used carefully to prevent locking out yourself.
Configuration
Go to Settings menu -> Network Access Control
The default NAC mode is disabled (no filtering); this mode is the same as on earlier firmware.
SP+ Network Access Control Manual
- 3 -
Blacklist mode
As noted above, in blacklist mode, the unit will block access from certain IP addresses or address
ranges from accessing the unit in any way.
Click on the Add button and add your IP address(es) or address range(s) one by one.
Important: You can only define a maximum of 10 entries!
SP+ Network Access Control Manual
- 4 -
Note that you must always specify the subnet mask for even a single IP address.
Examples:
Block a single IPv4 host (subnet mask 32):
192.168.1.137/32
Block a single IPv6 host (subnet mask 128):
fd00::1/128
Block all IPv4 addresses from 192.168.0.x network (subnet mask 24):
192.168.0.1/24
Block all IPv4 addresses from 172.16.x.x network (subnet mask 16):
172.16.1.1/16
When you have added all IP addresses or network ranges that you want to block, click on the Save
button and reboot the unit to make the changes effective.
SP+ Network Access Control Manual
- 5 -
Whitelist mode
As noted above, in whitelist mode ONLY the allowed IP addresses can connect to the unit, and any
other IPs will be blocked. Therefore, this mode must be used carefully to prevent locking out yourself.
The configuration is exactly the same as for the blacklist mode (see above).
When you have added all IP addresses or network ranges that you want to allow, click on the Save
button and reboot the unit to make the changes effective.
SP+ Network Access Control Manual
- 6 -
Reset button function for NAC
In case you misconfigure NAC feature and you can no longer access the unit, the Reset button can
be used to disable NAC.
Note that doing so will also reset the passwords for the built-in WebUI user accounts (User, Viewer,
Admin) if you have set a custom password for them.
To disable NAC and reset WebUI passwords to default, press and hold Reset button for 7-12
seconds.
After using the Reset button function as above, the device has to be rebooted to make the changes
effective (power cycle).
Then you can access the unit’s WebUI and reconfigure NAC feature.
Note that you will have to re-enter the WebUI passwords for the built-in users again, if you have
customized them.
Network subnet ranges
If you need additional help in correctly defining the network subnet mask for the IP addresses, we
recommend using the following links:
https://www.calculator.net/ip-subnet-calculator.html
https://packetlife.net/media/library/15/IPv4_Subnetting.pdf
https://www.ripe.net/about-us/press-centre/ipv6-chart_2015.pdf
https://www.crucial.com.au/blog/2011/04/15/ipv6-subnet-cheat-sheet-and-ipv6-cheat-sheet-reference/
Quick reference can be found below for IPv4 and IPv6 subnets.
SP+ Network Access Control Manual
- 7 -
IPv4 subnet ranges
Source: https://packetlife.net/media/library/15/IPv4_Subnetting.pdf
SP+ Network Access Control Manual
- 8 -
IPv6 subnet ranges
IPv6 CIDR Subnet Number of IPs
/128 1
/127 2
/126 4
/125 8
/124 16
/123 32
/122 64
/121 128
/120 256
/119 512
/118 1,024
/117 2,048
/116 4,096
/115 8,192
/114 16,384
/113 32,768
/112 65,536
/111 131,072
/110 262,144
/109 524,288
/108 1,048,576
/107 2,097,152
/106 4,194,304
/105 8,388,608
/104 16,777,216
/103 33,554,432
/102 67,108,864
/101 134,217,728
/100 268,435,456
/99 536,870,912
/98 1,073,741,824
/97 2,147,483,648
/96 4,294,967,296
/95 8,589,934,592
/94 17,179,869,184
/93 34,359,738,368
/92 68,719,476,736
SP+ Network Access Control Manual
- 9 -
/91 137,438,953,472
/90 274,877,906,944
/89 549,755,813,888
/88 1,099,511,627,776
/87 2,199,023,255,552
/86 4,398,046,511,104
/85 8,796,093,022,208
/84 17,592,186,044,416
/83 35,184,372,088,832
/82 70,368,744,177,664
/81 140,737,488,355,328
/80 281,474,976,710,656
/79 562,949,953,421,312
/78 1,125,899,906,842,624
/77 2,251,799,813,685,248
/76 4,503,599,627,370,496
/75 9,007,199,254,740,992
/74 18,014,398,509,481,985
/73 36,028,797,018,963,968
/72 72,057,594,037,927,936
/71 144,115,188,075,855,872
/70 288,230,376,151,711,744
/69 576,460,752,303,423,488
/68 1,152,921,504,606,846,976
/67 2,305,843,009,213,693,952
/66 4,611,686,018,427,387,904
/65 9,223,372,036,854,775,808
Residential – /64 18,446,744,073,709,551,616
/63 36,893,488,147,419,103,232
/62 73,786,976,294,838,206,464
/61 147,573,952,589,676,412,928
/60 295,147,905,179,352,825,856
/59 590,295,810,358,705,651,712
/58 1,180,591,620,717,411,303,424
/57 2,361,183,241,434,822,606,848
/56 4,722,366,482,869,645,213,696
/55 9,444,732,965,739,290,427,392
/54 18,889,465,931,478,580,854,784
/53 37,778,931,862,957,161,709,568
/52 75,557,863,725,914,323,419,136
/51 151,115,727,451,828,646,838,272
SP+ Network Access Control Manual
- 10 -
/50 302,231,454,903,657,293,676,544
/49 604,462,909,807,314,587,353,088
Business – /48 1,208,925,819,614,629,174,706,176
/47 2,417,851,639,229,258,349,412,352
/46 4,835,703,278,458,516,698,824,704
/45 9,671,406,556,917,033,397,649,408
/44 19,342,813,113,834,066,795,298,816
/43 38,685,626,227,668,133,590,597,632
/42 77,371,252,455,336,267,181,195,264
/41 154,742,504,910,672,534,362,390,528
/40 309,485,009,821,345,068,724,781,056
/39 618,970,019,642,690,137,449,562,112
/38 1,237,940,039,285,380,274,899,124,224
/37 2,475,880,078,570,760,549,798,248,448
/36 4,951,760,157,141,521,099,596,496,896
/35 9,903,520,314,283,042,199,192,993,792
/34 19,807,040,628,566,084,398,385,987,584
/33 39,614,081,257,132,168,796,771,975,168
ISP – /32 79,228,162,514,264,337,593,543,950,336
/31 158,456,325,028,528,675,187,087,900,672
/30 316,912,650,057,057,350,374,175,801,344
/29 633,825,300,114,114,700,748,351,602,688
/28 1,267,650,600,228,229,401,496,703,205,376
/27 2,535,301,200,456,458,802,993,406,410,752
/26 5,070,602,400,912,917,605,986,812,821,504
/25 10,141,204,801,825,835,211,973,625,643,008
/24 20,282,409,603,651,670,423,947,251,286,016
/23 40,564,819,207,303,340,847,894,502,572,032
/22 81,129,638,414,606,681,695,789,005,144,064
/21 162,259,276,829,213,363,391,578,010,288,128
/20 324,518,553,658,426,726,783,156,020,576,256
/19 649,037,107,316,853,453,566,312,041,152,512
/18 1,298,074,214,633,706,907,132,624,082,305,024
/17 2,596,148,429,267,413,814,265,248,164,610,048
/16 5,192,296,858,534,827,628,530,496,329,220,096
/15 10,384,593,717,069,655,257,060,992,658,440,192
/14 20,769,187,434,139,310,514,121,985,316,880,384
/13 41,538,374,868,278,621,028,243,970,633,760,768
/12 83,076,749,736,557,242,056,487,941,267,521,536
/11 166,153,499,473,114,484,112,975,882,535,043,072
/10 332,306,998,946,228,968,225,951,765,070,086,144
Other manuals for SP+
1
Other AKCP IP Access Controllers manuals
