Manualshelf

Specifications

ManualsBrandsCabletron Systems ManualsComputer equipmentSmartSwitch 1800
31323334353637383940
acl apply service
40 SSR Command Line Interface Reference Manual
http HTTP web server
snmp SNMP agent
telnet Telnet server
[logging [on|off]] Enables or disables ACL logging for this interface. You can specify
one of the following keywords:
off Disables logging.
on Enables logging.
Restrictions
You can apply only one ACL of each type (IP or IPX) to a service at one time. For example,
although you can define two ACLs, “ipacl1” and “ipacl2”, you cannot apply them both to
the same service.
Examples
To permit access to the SNMP agent only from the host 10.4.3.33 (presumably an SNMP
management station):
The following commands permit access to the Telnet server from hosts on the subnet
10.4.7.0/24 with a privileged source port. In addition, with logging enabled, all incoming
Telnet accesses are logged to the console.
The following commands permit access to the HTTP web server from subnet 10.12.4.0/24.
Notice that even though the destination address and port are specified for this ACL
(10.12.7.44 and any port), they are ignored. This service ACL will match only packets
destined for the SSR itself and the well-known port of the service (port 80 for HTTP).
ssr(config)# acl 100 permit udp 10.4.3.33
ssr(config)# acl 100 apply service snmp
ssr(config)# acl 120 permit tcp 10.4.7.0/24 <1024
ssr(config)# acl 120 apply service telnet logging on
ssr(config)# acl 140 permit ip 10.12.4.0/24 any 10.12.7.44 any
ssr(config)# acl 120 apply service http