Security
7705 SAR OS System Management Guide Page 51
Security Configuration Procedures
• Configuring Management Access Filters
• Configuring CPM (CSM) Filters
• Configuring Password Management Parameters
• Configuring Profiles
• Configuring Users
• Copying and Overwriting Users and Profiles
• Configuring SSH
• Configuring Login Controls
• RADIUS Configurations
• TACACS+ Configurations
Configuring Management Access Filters
Creating and implementing management access filters is optional. Management access
filters control all traffic going in to the CSM, including all routing protocols. They apply to
packets from all ports. The filters can be used to restrict management of the 7705 SAR
router by other nodes outside either specific (sub)networks or through designated ports. By
default, there are no filters associated with security options. The management access filter
and entries must be explicitly created on each router. These filters apply to the management
Ethernet port.
The 7705 SAR exits the filter when the first match is found and executes the actions
according to the specified action. For this reason, entries must be sequenced correctly from
most to least explicit.
An entry may not have any match criteria defined (in which case, everything matches) but
must have at least the keyword
action to be considered complete. Entries without the
action keyword are considered incomplete and will be rendered inactive.
Use the following CLI commands to configure a management access filter. This example
only accepts packets matching the criteria specified in entries 1 and 2. Non-matching
packets are denied.
CLI Syntax: config>system
security
management-access-filter
ip-filter
default-action {permit | deny | deny-host-
unreachable}
renum old-entry-number new-entry-number
To Next Page
Loading...
