Security
7705 SAR OS System Management Guide Page 87
Parameters router-instance — specifies one of the following parameters for the router instance:
router-name — specifies a router name up to 32 characters to be used in the match criteria
service-id — specifies an existing service ID to be used in the match criteria
Values 1 to 2147483647
src-ip
Syntax [no] src-ip {[ip-prefix/mask] | [ip-prefix]}
Context config>system>security>management-access-filter>ip-filter>entry entry-id
Description This command configures a source IP address range to be used as a management access filter match
criterion.
To match on the source IP address, specify the address and the associated mask (for example,
10.1.0.0/16). The conventional notation of 10.1.0.0 255.255.0.0 can also be used.
The no form of the command removes the source IP address match criterion.
Default No source IP match criterion is specified.
Parameters ip-prefix — the IP prefix for the IP match criterion in dotted-decimal notation
mask — specifies the subnet mask length expressed as a decimal integer
Values 0.0.0.0 to 255.255.255.255 (IP prefix), 1 to 32 (mask length)
src-port
Syntax src-port {port-id | cpm}
no src-port
Context config>system>security>management-access-filter>ip-filter>entry entry-id
Description
This command restricts ingress management traffic to either the
CSM Ethernet port or any other
logical port (port or channel) on the device.
When the source interface is configured, only management traffic arriving on those ports satisfy the
match criteria.
The no form of the command reverts to the default value.
Default any interface
Parameters port-id — the port ID in the following format: slot/mda/port ( the slot ID is always 1)
For example: port 3 on MDA 2 on card 1 would be specified as 1/2/3.
To Next Page
Loading...
