Table of Contents
Advertisement
The following example displays an IPv4 management access filter configuration. This
example only accepts packets matching the criteria specified in entries 1 and 2. Non-matching
packets are denied.
Example:
The following example displays the management access filter configuration.
ALU-1>config>system>security# info
----------------------------------------------
----------------------------------------------
ALU-1>config>system>security#
7705 SAR OS System Management Guide
config>system>security# management-access-filter
config>system>security>mgmt-access-filter# ip-filter
default-action deny
config>system>security>mgmt-access-filter# ip-filter
entry 1
config>system>security>mgmt-access-filter>ip-
filter>entry# src-ip 10.10.10.104/32
config>system>security>mgmt-access-filter>ip-
filter>entry# action permit
config>system>security>mgmt-access-filter>ip-
filter>entry# exit
config>system>security>mgmt-access-filter# entry 2
config>system>security>mgmt-access-filter>ip-
filter>entry# src-ip 10.10.10.1/32
config>system>security>mgmt-access-filter>ip-
filter>entry# action permit
config>system>security>mgmt-access-filter>ip-
filter>entry# exit
management-access-filter
ip-filter
default-action deny
entry 1
action permit
src-ip 10.10.10.104/32
exit
entry 2
action permit
src-ip 10.10.0.1/32
exit
exit
Note: If configuring management access filters via a Telnet session, ensure that data from
the host IP address is permitted before setting the default action to deny; otherwise, the
session will be dropped. To do this, set the default action to permit, configure an entry with
the src-ip address of the host as a permitted match criterion, then set the default action
back to deny. Alternatively, use a direct console connection to the node for configuration;
in this case, the order of filter configuration does not matter.
Security
45
Advertisement
Table of Contents
