11-19-2019 08:19 PM
Hi all,
I want to configure an ACL for the VTY of an SDWAN OS router.
I can create an ACL in Localized Policy but can't find where to apply this ACL in the vManage template.
Please help me to find this feature.
Thanks!
11-23-2019 09:38 PM
Hi,
Apply a Localized Data Policy in a Device Template:
This is how you can apply a policy to vSmart by creating a device template.
Let me know if you still have an issue; I will write another post with one example with a screenshot.
Kindly hit the helpful button and mark as solved if this post has helped you.
Regards,
Rohit Raj
11-23-2019 11:21 PM - edited 11-23-2019 11:23 PM
Hi,
My question is how to configure an ACL on VTY, not how to configure an ACL. (The keyword is VTY.)
Of course, we can apply an ACL on the interface as a workaround, but that is not recommended.
I also opened a TAC case, and TAC confirmed there is no option for this function.
Thanks!
11-26-2020 09:12 AM
I want to know if you got the solution for applying ACL on line VTY through any Template?
I'm also looking for the same.
03-12-2021 03:41 PM
You can check this link on the Device Access Policy section:
With this policy, it will check the attempts to access from unwanted traffic on the control plane.
05-18-2021 06:25 AM
Hi all,
I had the same issue these days and the solution is:
- In Configuration/Policies, go to the top-right corner and choose Access Control List;
- Choose Add Device Access Policy (permit_ssh);
- Add ACL Seq:
  - Match Conditions: SSH and Source Data Prefix List <my_jump_server_IP/32>
  - Actions: Enable
  - Default Action: Drop Enabled
- Save, Save
- Go back to Configuration/Policies/Localized Policy:
  - Add Policy;
  - Next, Next until the Configure Access Control Lists step;
  - Add Device Access Policy (created previously: permit_ssh);
  - Next, Next; check Implicit ACL Logging, and I've added Log Frequency 2;
  - Save Policy (permit_ssh_Policy).
Now that the policy is created, go to the Router Template and, in the Additional Template tab, at Policy, choose the one you've just created (permit_ssh_Policy) and Update.
The configuration that is about to be pushed to the router will look like this:
ip access-list extended test-acl-22
 10 permit tcp 192.168.1.1 0.0.0.0 any eq 22
 20 deny tcp any any eq 22
!
line vty 0 4
 access-class test-acl-22 in vrf-also
!
line vty 5 80
 access-class test-acl-22 in vrf-also
!
policy
 no app-visibility
 no flow-visibility
 implicit-acl-logging
 log-frequency 2
!
That is how it worked for me.
Cheers,
Bogdan
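An added example (not part of the original thread and not Cisco tooling): a Python check to run over the vManage configuration preview before pushing, confirming that every `line vty` range has an inbound access-class that points at an ACL defined in the same config. The function name `audit_vty` and the two failing variants are constructed for illustration.

```python
import re

# ACL and VTY portion of the config preview from the post above.
PUSHED = """\
ip access-list extended test-acl-22
 10 permit tcp 192.168.1.1 0.0.0.0 any eq 22
 20 deny tcp any any eq 22
!
line vty 0 4
 access-class test-acl-22 in vrf-also
!
line vty 5 80
 access-class test-acl-22 in vrf-also
!
"""
# Constructed variants: vty 5-80 left without an ACL, and an ACL name typo.
MISSING = PUSHED.replace("line vty 5 80\n access-class test-acl-22 in vrf-also",
                         "line vty 5 80")
UNDEFINED = PUSHED.replace("line vty 0 4\n access-class test-acl-22",
                           "line vty 0 4\n access-class test-acl-23")


def audit_vty(config):
    """Return findings for VTY ranges without a defined inbound access-class."""
    acls, vty, current = set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"ip access-list (?:standard|extended) (\S+)$", line):
            acls.add(m.group(1))
            current = None
        elif m := re.match(r"line vty (\d+)(?: (\d+))?$", line):
            current = f"vty {m.group(1)}-{m.group(2) or m.group(1)}"
            vty[current] = None
        elif line == "!":
            current = None  # section separator ends the current vty block
        elif current and (m := re.match(r"access-class (\S+) in\b", line)):
            vty[current] = m.group(1)
    findings = []
    for rng, acl in vty.items():
        if acl is None:
            findings.append(f"{rng}: no inbound access-class")
        elif acl not in acls:
            findings.append(f"{rng}: access-class {acl} is not defined")
    return findings


if __name__ == "__main__":
    for name, cfg in [("pushed", PUSHED), ("missing", MISSING), ("undefined", UNDEFINED)]:
        print(name, audit_vty(cfg) or "OK")
```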