Using ACLs to Control SSH2 Access - Extreme Networks ExtremeWare XOS Guide Manual

For additional information on the SSH protocol, refer to Federal Information Processing Standards
Publication (FIPSPUB) 186, Digital Signature Standard, 18 May 1994. This can be downloaded from
ftp://ftp.cs.hut.fi/pub/ssh. General technical information is also available from
http://www.ssh.fi

Using ACLs to Control SSH2 Access

You can restrict SSH2 access by creating and implementing an ACL policy. You configure an ACL policy
to permit or deny a specific list of IP addresses and subnet masks for the SSH2 port.
There are two methods to load ACL policies to the switch:

- Use the edit policy command to launch a VI-like editor on the switch. You can create the policy
  directly on the switch.
- Use the tftp command to transfer a policy that you created using a text editor on another system to
  the switch.

For more information about creating and implementing ACLs and policies, see Chapter 12, "Policy
Manager" and Chapter 13, "Access Lists (ACLs)."

Sample SSH2 Policies

The following are sample policies that you can apply to restrict SSH2 access.

In the following example named MyAccessProfile.pol, the switch permits connections from the subnet
10.203.133.0/24 and denies connections from all other addresses:

MyAccessProfile.pol

    Entry AllowTheseSubnets {
        if {
            source-address 10.203.133.0 /24;
        }
        then {
            permit;
        }
    }

In the following example named MyAccessProfile_2.pol, the switch does not permit connections from
the subnet 10.203.133.0/24 but accepts connections from all other addresses:

MyAccessProfile_2.pol

    Entry dontAllowTheseSubnets {
        if {
            source-address 10.203.133.0 /24;
        }
        then {
            deny;
        }
    }
    Entry AllowTheRest {
        # The page breaks off after the opening brace of this entry. The empty
        # match block and permit action below are an assumption that follows
        # from the description above (accept all other addresses).
        if {
        }
        then {
            permit;
        }
    }

ExtremeWare XOS 11.3 Concepts Guide
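An added example, not from the Extreme Networks guide: a small Python checker that parses policy text in the layout of the two samples and reports whether a given client address would be permitted, which is useful for reviewing a policy file before loading it onto the switch. It assumes entries are evaluated top to bottom with the first match deciding, one source-address condition per entry, and (from the description of MyAccessProfile.pol) that addresses matching no entry are denied; the AllowTheRest body and the client addresses are constructed.

```python
import ipaddress
import re

# Constructed copies of the two sample policies. The body of AllowTheRest is
# an assumption (empty match, permit), inferred from the page's description.
POLICY_1 = """
Entry AllowTheseSubnets {
    if { source-address 10.203.133.0 /24; }
    then { permit; }
}
"""
POLICY_2 = """
Entry dontAllowTheseSubnets {
    if { source-address 10.203.133.0 /24; }
    then { deny; }
}
Entry AllowTheRest {
    if { }
    then { permit; }
}
"""

ENTRY_RE = re.compile(
    r"entry\s+(\S+)\s*\{\s*if\s*\{(.*?)\}\s*then\s*\{\s*(permit|deny)\s*;\s*\}\s*\}",
    re.IGNORECASE | re.DOTALL)
SRC_RE = re.compile(r"source-address\s+([\d.]+)\s*/\s*(\d+)\s*;")

def parse_policy(text):
    """Return [(entry_name, network_or_None, action)] in file order."""
    entries = []
    for name, cond, action in ENTRY_RE.findall(text):
        m = SRC_RE.search(cond)
        net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}") if m else None
        entries.append((name, net, action.lower()))
    return entries

def evaluate(entries, source_ip):
    """Return (action, entry_name) for a client address; first match decides."""
    ip = ipaddress.ip_address(source_ip)
    for name, net, action in entries:
        if net is None or ip in net:   # an empty match block matches every source
            return action, name
    return "deny", None                # no entry matched: denied, as sample 1 is described

if __name__ == "__main__":
    for label, text in (("MyAccessProfile", POLICY_1), ("MyAccessProfile_2", POLICY_2)):
        for src in ("10.203.133.7", "192.0.2.10"):   # constructed client addresses
            print(label, src, evaluate(parse_policy(text), src))
```
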
