How To Create an ACL on an XOS Switch for SSH2 Service Access

Objective
How to create and apply an ACL to control access to the SSH2 service on an XOS switch
Environment
  • Summit
  • EXOS 16.1.3.6 Versions
Procedure
1. Create a policy file (.pol) with the content listed below.
2. Use TFTP to upload the .pol file to the switch, or use the local vi editor to create the policy file.
3. Once the policy file is on the switch, use the SSH2 configuration command to apply the ACL to the SSH2 service.

Sample ACL to apply a list of “source_IP” addresses that are “permitted” to access the switch management IP via SSH
**************************************
entry Controlssh {
        if match any {
                source-address 10.10.112.20/32;
                source-address 10.10.111.30/32;
                source-address 10.10.111.35/32;
                source-address 10.10.111.36/32;
                source-address 10.10.100.200/32;
        } then {
                permit;
                count Controlssh;
        }
}
**************************************
4. Make sure the “if” statement is “match any”. By default, “if” is “match all”, which requires a packet to match every listed source address.
5. Use the following command to verify the ACL formatting:
check policy <policy_name>
6. Configure the SSH2 service to apply the .pol file (ACL):
configure ssh2 access-profile <policy_name>
7. To remove the ACL/policy from the SSH2 service, use the “none” option in place of the <policy_name>:
configure ssh2 access-profile none
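An offline pre-check for the policy file, run on a workstation before the upload. This is an added example, not Extreme Networks tooling and not part of the original article; the function name `lint_policy` and the checks it performs are assumptions of this example, and it does not replace `check policy` on the switch.

```python
import ipaddress
import re

# The sample policy from this article.
PAGE_POLICY = """\
entry Controlssh {
    if match any {
        source-address 10.10.112.20/32;
        source-address 10.10.111.30/32;
        source-address 10.10.111.35/32;
        source-address 10.10.111.36/32;
        source-address 10.10.100.200/32;
    } then {
        permit;
        count Controlssh;
    }
}
"""
# Constructed bad input: the same policy with the "match any" qualifier left out.
SAMPLE_BAD = PAGE_POLICY.replace("if match any {", "if {")

ENTRY_RE = re.compile(
    r"entry\s+(\S+)\s*\{\s*if\s*(match\s+(?:any|all))?\s*\{(.*?)\}"
    r"\s*then\s*\{(.*?)\}\s*\}", re.S)

def lint_policy(text):
    """Return a list of findings; an empty list means no problem was seen."""
    entries = ENTRY_RE.findall(text)
    if not entries:
        return ["no entry block found"]
    findings = []
    for name, qualifier, conds, actions in entries:
        # A bare "if" defaults to "match all", as the article notes.
        mode = " ".join(qualifier.split()) if qualifier else "match all"
        sources = re.findall(r"source-address\s+([^;\s]+)\s*;", conds)
        if len(sources) > 1 and mode != "match any":
            findings.append(f"{name}: {len(sources)} source-address "
                            f"conditions under '{mode}'; use 'match any'")
        for src in sources:
            try:  # strict=True also rejects host bits outside the mask
                ipaddress.ip_network(src, strict=True)
            except ValueError as exc:
                findings.append(f"{name}: suspect source-address {src}: {exc}")
        if not re.search(r"\b(permit|deny)\s*;", actions):
            findings.append(f"{name}: no permit or deny action")
    return findings

if __name__ == "__main__":
    for label, policy in (("page", PAGE_POLICY), ("bad", SAMPLE_BAD)):
        print(label, lint_policy(policy) or "ok")
```

A mask typo such as `/24` on a host address is reported as suspect because it would admit a wider range than the single host intended.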
Additional notes
The ACL is applied as an inbound traffic filter to the SSH2 service.
If the XOS switch has multiple routing interfaces configured, the ACL will be applied to “all” interfaces as an inbound ACL.

Use the "show management" CLI command to verify the access-profile is applied to the SSH2 service.

The CLI command "show log" will display any "hits" to the policy.

 
