Owner's Manual
508 | Chapter 17. Security
NETGEAR 8800 User Manual
Using ACLs to Control SSH2 Access
You can restrict SSH2 access by creating and implementing an ACL policy. You configure an
ACL policy to permit or deny a specific list of IP addresses and subnet masks for the SSH2
port.
The two methods to load ACL policies to the switch are:
• Use the edit policy command to launch a VI-like editor on the switch. You can create the
policy directly on the switch.
• Use the tftp command to transfer a policy that you created using a text editor on another
system to the switch.
For more information about creating and implementing ACLs and policies, see Chapter 12,
Policy Manager and Chapter 13, ACLs.
Sample SSH2 Policies
The following are sample policies that you can apply to restrict SSH2 access.
In the following example named MyAccessProfile.pol, the switch permits connections from
the subnet 10.203.133.0/24 and denies connections from all other addresses:
MyAccessProfile.pol
Entry AllowTheseSubnets {
    if {
        source-address 10.203.133.0 /24;
    }
    then
    {
        permit;
    }
}
In the following example named MyAccessProfile.pol, the switch permits connections from
the subnets 10.203.133.0/24 or 10.203.135.0/24 and denies connections from all other
addresses:
MyAccessProfile.pol
Entry AllowTheseSubnets {
    if match any {
        source-address 10.203.133.0 /24;
        source-address 10.203.135.0 /24;
    }
    then
    {
        permit;
    }
}
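To check what a policy file will do before loading it on the switch, the following added example (not NETGEAR code) parses entries in the format shown above and evaluates a source address against them. It assumes that entries are evaluated in order with the first match deciding, that an `if` block without a `match` keyword requires all of its conditions, and that an address matching no entry is denied, as the text above describes.

```python
import ipaddress
import re

# The second sample policy from this page, embedded as test input.
MY_ACCESS_PROFILE = """
Entry AllowTheseSubnets {
    if match any {
        source-address 10.203.133.0 /24;
        source-address 10.203.135.0 /24;
    }
    then
    {
        permit;
    }
}
"""

# One entry: name, optional "match any|all", a condition block, an action block.
ENTRY_RE = re.compile(
    r"entry\s+(?P<name>\S+)\s*\{\s*"
    r"if\s*(?:match\s+(?P<mode>any|all))?\s*\{(?P<conds>.*?)\}\s*"
    r"then\s*\{(?P<action>.*?)\}\s*\}",
    re.IGNORECASE | re.DOTALL,
)
# "source-address 10.203.133.0 /24;" (space before the prefix length is optional)
COND_RE = re.compile(r"source-address\s+([0-9.]+)\s*/\s*(\d+)\s*;")


def parse_policy(text):
    """Return a list of (entry name, match mode, [networks], action)."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        nets = [ipaddress.ip_network(f"{a}/{p}", strict=False)
                for a, p in COND_RE.findall(m.group("conds"))]
        # Assumption: no "match" keyword means every condition must hold.
        mode = (m.group("mode") or "all").lower()
        action = m.group("action").strip().rstrip(";").strip().lower()
        entries.append((m.group("name"), mode, nets, action))
    return entries


def evaluate(entries, source_ip):
    """First matching entry decides; no match falls through to the implicit deny."""
    ip = ipaddress.ip_address(source_ip)
    for name, mode, nets, action in entries:
        hits = [ip in n for n in nets]
        if nets and (any(hits) if mode == "any" else all(hits)):
            return action, name
    return "deny", None
```

Addresses inside either listed /24 return `("permit", "AllowTheseSubnets")`; any other address returns `("deny", None)`.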
In the following example named MyAccessProfile_2.pol, the switch does not permit
connections from the subnet 10.203.133.0/24 but accepts connections from all other
addresses: