Table of Contents
Advertisement
9.4 Access Policy Configuration Example – Adding
SNMPv1/2c, SSH, FTP, and TELNET Services
9.4.1
Configuration
For this example, we demonstrate how to limit SNMPv1 and SNMPv2c read-write access to a single host
and read-only access to a single network. We will also demonstrate show to limit HTTP and Telnet
services with read-only and write-write access to separate networks. Overall, we will configure the
following
Policy 1 (default policy)
o
Allow only read-only access to network 172.30.0.0/16 for Telnet and HTTP
Policy 2
o
Limit SNMPv1 and SNMPv2c read-write access to host 172.30.20.21
Policy 3
o
Limit SNMPv1 and SNMPv2c read-only access to network 172.0.0.0/8
Policy 4
o
Allow read-write access to network 172.30.20.0/24 for Telnet and HTTP
The default SNMPv1 and SNMPv2c VACM read group name is readgrp while the
default read-write group is v1v2grp. For this example we will simple use these VACM
groups. This can be verified using ACLI command show snmp-server group
Step 1 –Setup the default policy, policy 1, to allow for read-only access to network 172.30.0.0/16
for telnet and HTTP services
VSPswitch:1(config)#access-policy 1 network 172.30.0.0 16
VSPswitch:1(config)#access-policy 1 access-strict
VSPswitch:1(config)#access-policy 1 accesslevel ro
VSPswitch:1(config)#no access-policy 1 ssh
VSPswitch:1(config) no access-policy 1 ftp
Step 2 – Setup policy 2 to allow for read-write SNMPv1 & SNMPv2c access to host 172.30.20.21
VSPswitch:1(config)#access-policy 2
VSPswitch:1(config)#access-policy 2 name policy2
VSPswitch:1(config)#access-policy 2 host 172.30.20.21
VSPswitch:1(config)#access-policy 2 snmpv3
VSPswitch:1(config)#access-policy 2 snmp-group v1v2grp snmpv1
VSPswitch:1(config)#access-policy 2 snmp-group v1v2grp snmpv2c
March 2015
Avaya Inc. – External Distribution
avaya.com
127
- Quick Links:
- Table 2: Default User Names and...
Hide quick links:
Advertisement
Table of Contents
