How To Create an ACL on an XOS Switch for SSH2 Service Access

How to create and apply an ACL to control access to the SSH2 service on an XOS switch
  • Summit
  • EXOS Versions
1. Create a policy file (<policy_name>.pol) with the content listed below. An access-profile policy may only match on source-address, and its actions are limited to permit and deny.
2. Copy the .pol file to the switch with tftp (tftp get), or create it directly on the switch with the local vi editor (vi <policy_name>.pol).

Sample ACL that permits a list of “source_IP” addresses to reach the switch management IP via SSH. The <permitted_ip/prefix> values are placeholders; add one source-address line per permitted host or network:
entry Controlssh {
        if match any {
                source-address <permitted_ip/prefix>;
                source-address <permitted_ip/prefix>;
        } then {
                permit;
                count Controlssh;
        }
}
3. Make sure the “if” statement is “if match any” so that the source-address conditions are OR'ed. “If” by default is “match all”, and a single source address can never sit in several different prefixes at once, so a “match all” entry with more than one source-address line matches nothing and every SSH client is refused.
4. Use the following command to verify the policy syntax before applying it:
check policy <policy_name>
5. Configure the SSH2 service to apply the .pol file (ACL); the policy is referenced by name, without the .pol extension:
configure ssh2 access-profile <policy_name>
6. To remove the ACL/policy from the SSH2 service use the “none” option in place of <policy_name>:
configure ssh2 access-profile none
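The following Python script is an added example for this article; it is not code from the page or from Extreme Networks. It renders the .pol file from a list of permitted prefixes, and dry-runs the policy against candidate client addresses before the file is applied, so that the “match any” versus “match all” mistake from step 3 and a lockout of your own management station are caught offline. It assumes that the policy uses only source-address conditions, that “match any” ORs them and “match all” ANDs them, that entries are evaluated top-down with the first match winning, that an entry with no conditions matches everything, and that a source matching no entry is denied. The prefixes and client addresses are constructed sample data.

```python
"""Generate and dry-run an ExtremeXOS SSH2 access-profile policy.

Added example; not code from the article or from Extreme Networks.
Assumptions: only 'source-address' conditions are used, 'match any' ORs
them and 'match all' ANDs them, entries are evaluated top-down with the
first match winning, an entry with no conditions matches everything, and
a source that matches no entry is denied. Addresses are constructed data.
"""
import ipaddress
from dataclasses import dataclass


@dataclass
class Entry:
    name: str
    sources: list            # ipaddress.ip_network objects
    action: str = "permit"   # "permit" or "deny"
    match_any: bool = True   # False reproduces the EXOS default 'match all'


def make_entry(name, prefixes, action="permit", match_any=True):
    """Build an Entry, rejecting malformed prefixes (e.g. host bits set)."""
    nets = [ipaddress.ip_network(p, strict=True) for p in prefixes]
    return Entry(name, nets, action, match_any)


def render_policy(entries):
    """Emit .pol text in the same layout as the sample in the article."""
    out = []
    for e in entries:
        out.append(f"entry {e.name} {{")
        out.append("        if match any {" if e.match_any else "        if match all {")
        for net in e.sources:
            out.append(f"                source-address {net.with_prefixlen};")
        out.append("        } then {")
        out.append(f"                {e.action};")
        out.append(f"                count {e.name};")
        out.append("        }")
        out.append("}")
    return "\n".join(out) + "\n"


def evaluate(entries, src_ip):
    """Return 'permit' or 'deny' for a connection from src_ip (first match wins)."""
    src = ipaddress.ip_address(src_ip)
    for e in entries:
        hits = [src in net for net in e.sources]
        # An entry with no conditions matches everything (catch-all entry).
        if not hits or (any(hits) if e.match_any else all(hits)):
            return e.action
    return "deny"   # assumption: a source matching no entry is refused


def lockout_check(entries, admin_ip):
    """True when the address you administer the switch from stays permitted."""
    return evaluate(entries, admin_ip) == "permit"


# Constructed sample data: one management network and one single host.
PERMITTED = ["10.10.0.0/24", "192.0.2.15/32"]
POLICY = [make_entry("Controlssh", PERMITTED)]

# The same conditions under the EXOS default 'match all': a source would have
# to sit in both prefixes at once, so nothing matches and every client is denied.
BAD_POLICY = [make_entry("Controlssh", PERMITTED, match_any=False)]

if __name__ == "__main__":
    print(render_policy(POLICY))
    for ip in ("10.10.0.7", "192.0.2.15", "198.51.100.9"):
        print(ip, "-> match any:", evaluate(POLICY, ip),
              "/ match all:", evaluate(BAD_POLICY, ip))
    print("safe to apply from 10.10.0.7:", lockout_check(POLICY, "10.10.0.7"))
```

Run lockout_check with the address of the station you are currently connected from before copying the rendered policy to the switch; a policy that passes check policy on the switch is syntactically valid but can still refuse every client.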
Additional notes
The ACL is applied as an inbound traffic filter to the SSH2 service only; other management services (for example Telnet) are restricted with their own access-profile commands.
If the XOS switch has multiple routing interfaces configured, the ACL is applied as an inbound ACL on “all” of them; it cannot be limited to a single interface.
Sources that match no permit entry are refused, so verify that the address you administer the switch from is covered by a permit entry before applying the policy, otherwise your own next SSH session will be blocked.

Use the "show management" cli command to verify that the access-profile is applied to the SSH2 service.

The "show log" cli command displays any "hits" to the policy.