Using cloud connectors
To the left you will find an excerpt of an access control entry (ACE) that permits access to a specific host cloud-service.example.com. The entire example is found here.
{
  "name": "cl0-frdev",
  "matches": {
    "ipv4": {
      "ietf-acldns:dst-dnsname": "cloud-service.example.com"
    }
  },
  "actions": {
    "forwarding": "accept"
  }
}
"ace": [
  {
    "name": "myctl0-todev",
    "matches": {
      "ietf-mud:mud": {
        "my-controller": [
          null
        ]
      }
    },
    "actions": {
      "forwarding": "accept"
    }
  }
]
This example permits access to my-controller, which is specific to this particular class of device, as defined by its MUD URL.
Use my-controller when you manufacture very few models of devices, because for each separate MUD URL the administrator will be asked to fill in who my-controller is for this device. A complete example can be found here.
"ace": [
  {
    "name": "myman0-todev",
    "matches": {
      "ietf-mud:mud": {
        "same-manufacturer": [
          null
        ]
      }
    },
    "actions": {
      "forwarding": "accept"
    }
  }
]
This example permits access to same-manufacturer, which matches when the authority section of another device's MUD URL is the same as the authority section of the MUD URL for this device. For example, if device A has a MUD URL of https://example.com/devA and device B has a MUD URL of https://example.com/devB, same-manufacturer will match in either's MUD file because both have the authority "example.com". A complete example can be found here.
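
The sketch below is an added example, not code from this page or from any MUD manager. It shows how the three ACEs above could be resolved into concrete peers, including the two cases worth checking: my-controller with no administrator entry, and a MUD URL whose authority only contains "example.com". The inventory, the controller host name and the helper names (authority, resolve_ace, accept) are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def authority(mud_url):
    """Authority section (host[:port]) of a MUD URL; RFC 8520 requires https."""
    parts = urlsplit(mud_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"not an https MUD URL: {mud_url!r}")
    # Assumption: compare case-insensitively and treat an explicit :443 as the default.
    port = parts.port
    return parts.hostname if port in (None, 443) else f"{parts.hostname}:{port}"

def resolve_ace(ace, device, inventory, controllers):
    """Return (ACE name, sorted peers) that one ACE permits for `device`."""
    mud_url = inventory[device]
    matches = ace["matches"]
    peers = set()
    dnsname = matches.get("ipv4", {}).get("ietf-acldns:dst-dnsname")
    if dnsname:
        peers.add(dnsname)
    mud = matches.get("ietf-mud:mud", {})
    if "my-controller" in mud:
        # No administrator entry for this MUD URL means nothing is permitted.
        peers.update(controllers.get(mud_url, []))
    if "same-manufacturer" in mud:
        own = authority(mud_url)
        peers.update(name for name, url in inventory.items()
                     if name != device and authority(url) == own)
    return ace["name"], sorted(peers)

def accept(name, matches):
    return {"name": name, "matches": matches, "actions": {"forwarding": "accept"}}

# The three ACEs from this page.
ACES = [
    accept("cl0-frdev", {"ipv4": {"ietf-acldns:dst-dnsname": "cloud-service.example.com"}}),
    accept("myctl0-todev", {"ietf-mud:mud": {"my-controller": [None]}}),
    accept("myman0-todev", {"ietf-mud:mud": {"same-manufacturer": [None]}}),
]
# Constructed sample data: device name -> MUD URL, and the administrator's
# my-controller answers keyed by MUD URL.
INVENTORY = {
    "devA": "https://example.com/devA",
    "devB": "https://example.com/devB",
    "devC": "https://example.com.example.net/devC",  # different authority
}
CONTROLLERS = {"https://example.com/devA": ["controller.example.org"]}

if __name__ == "__main__":
    for dev in INVENTORY:
        for ace in ACES:
            print(dev, *resolve_ace(ace, dev, INVENTORY, CONTROLLERS))
```

devC is not a same-manufacturer peer of devA or devB: the comparison is on the whole authority section, not on a substring of the URL.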