Avaya Inc. – External Distribution, avaya.com, March 2015
9. Access Policy
You can control access to the switch by creating an access policy. Presently, management access to a
VSP switch is only allowed to an IP interface in VRF zero (GRT). Management access is not allowed to
an IP interface in any other VRF. An access policy specifies the hosts or networks that can access the
device through various services, such as Telnet, SNMP, Hypertext Transfer Protocol (HTTP), Remote
Shell (RSH), and remote login (rlogin). Overall, the Access Policy feature on the VSP switch supports the
following features:
Access level: Specifies the access level of the trusted host as readOnly (ro), readWrite (rw), or readWriteAll (rwa).
Mode: Indicates whether a packet with a source IP address that matches this entry is permitted to enter the device or denied access.
Service: Indicates the protocol to which this entry applies. Choices are telnet, snmp, tftp, ftp, http, rlogin, and/or ssh.
Precedence: Indicates the precedence of the policy. The lower the number, the higher the precedence (1 to 128).
Network Address and Network Mask: Indicates the source network IP address and mask. An address of 0.0.0.0 specifies any address on the network.
Host: Indicates the trusted IP address of the host performing rlogin or rsh into the device. Applies only to rlogin and rsh.
Access-strict: Sets the access level strictly.
Enterprise Device Manager does not provide SNMPv3 support for an access policy. If
you modify an access policy with Device Manager, ensure SNMPv3 is disabled.
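Added example (not from the Avaya guide or the VSP software): a Python model of the fields listed above that shows which entry decides for a given source address and service, and flags allow entries that are open to any source. The Policy class, the function names decide and audit, the allow/deny labels, the rule that unmatched traffic is denied, and the sample entries are assumptions made for this illustration.

```python
import ipaddress
from dataclasses import dataclass

CLEARTEXT = {"telnet", "snmp", "tftp", "ftp", "http", "rlogin"}  # unencrypted services from the list above

@dataclass(frozen=True)
class Policy:              # hypothetical model of one access-policy entry
    name: str
    precedence: int        # 1 to 128; lower number = higher precedence
    mode: str              # "allow" or "deny" (labels chosen for this model)
    services: frozenset    # subset of telnet, snmp, tftp, ftp, http, rlogin, ssh
    network: str           # source network; 0.0.0.0 means any address
    mask: str
    level: str             # "ro", "rw" or "rwa"

    def matches(self, src, service):
        if service not in self.services:
            return False
        if self.network == "0.0.0.0":
            return True
        net = ipaddress.ip_network(f"{self.network}/{self.mask}", strict=False)
        return ipaddress.ip_address(src) in net

def decide(policies, src, service):
    """Assumed: the matching entry with the lowest precedence number decides; no match = deny."""
    hits = [p for p in policies if p.matches(src, service)]
    if not hits:
        return ("deny", None, None)
    top = min(hits, key=lambda p: p.precedence)
    return (top.mode, top.level if top.mode == "allow" else None, top.name)

def audit(policies):
    """Flag allow entries open to any source that expose cleartext services or rwa."""
    findings = []
    for p in policies:
        if p.mode == "allow" and p.network == "0.0.0.0":
            weak = sorted(p.services & CLEARTEXT)
            if weak:
                findings.append((p.name, "cleartext from any source: " + ",".join(weak)))
            if p.level == "rwa":
                findings.append((p.name, "readWriteAll from any source"))
    return findings

# Constructed sample entries, not taken from a real switch.
POLICIES = [
    Policy("mgmt-ssh", 10, "allow", frozenset({"ssh"}), "10.1.1.0", "255.255.255.0", "rwa"),
    Policy("block-lab", 30, "deny", frozenset({"ssh", "telnet"}), "10.9.0.0", "255.255.0.0", "ro"),
    Policy("default", 128, "allow", frozenset({"telnet", "http", "ssh"}), "0.0.0.0", "0.0.0.0", "rwa"),
]
```

In the sample set, the catch-all entry at precedence 128 is what lets a Telnet session from an unlisted address in with readWriteAll, which is the kind of entry audit() reports.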
9.1 Enable Access Policies Globally
To enable or disable access policy globally, enter the following command.
VSPswitch(config)# access-policy
VSPswitch(config)# no access-policy