set system service-acl Configuring Service Access Control Lists
Enterasys C3 Configuration Guide 35-3
Defaults
If no service is specified, the given ACL will be applied to all host services.
If no port or VLAN is specified, the rule applies to all interfaces.
If no priority is specified, the rule will be written to end of the access list.
Mode
Switch command, read-write.
Usage
Use this command to configure a service access control list. Each rule should have a unique
priority. New rules without a priority will be entered at the end of the service ACL. Use the set
system access-class command to choose the active service-acl. The active management list can't be
updated or removed.
A service ACL has an implicit deny all rule at the end. If you want to allow access by a network
server that is not covered by the specific services listed with the service parameter, such as an NTP/
SNTP server, you can add a permit rule for the IP address of that server.
Examples
The following example shows how to allow remote management for all host services through
ports ge.1.1 and ge.1.2. Since no priority is specified, the rules will be added in the order in which
they entered.
C3(su)->set system service-acl my-sacl permit port ge.1.1
C3(su)->set system service-acl my-sacl permit port ge.1.2
This command adds a permit rule to allow traffic from the SNTP network server with IP address
10.10.22.2.
C3(su)->set system service-acl my-sacl permit ip-source 10.10.22.2 port 123
This command denies SSH access from source IPv4 address 192.168.10.10 and sets the priority of
the rule to 1.
C3(su)->set system service-acl my-sacl deny service ssh ip-source 192.168.10.10
priority 1
service service (Optional) Specifies the host service for the rule. Valid values for service
are:
• HTTP
• HTTPS
•SNMP
•SSH
•Telnet
•TFTP
priority priority-value (Optional) Specifies the priority for the rule. If no priority is specified,
the rule will be added to the end of the access control list.
To Next Page
Loading...
Need help?
General