4
Examples
# Configure the device to log NETCONF edit-config information sourced from agent clients.
<Sysname> system-view
[Sysname] netconf log source agent protocol-operation set
netconf soap acl
Use
netconf soap acl
to apply an IPv4 ACL to control NETCONF over SOAP access.
Use
undo netconf soap acl
to restore the default.
Syntax
In non-FIPS mode:
netconf soap
{
http
|
https
}
acl
{
ipv4-acl-number
|
name ipv4-acl-name
}
undo netconf soap
{
http
|
https
}
acl
In FIPS mode:
netconf soap https
acl
{
ipv4-acl-number
|
name ipv4-acl-name
}
undo netconf soap https acl
Default
No IPv4 ACL is applied to control NETCONF over SOAP access.
Views
System view
Predefined user roles
network-admin
Parameters
ipv4-acl-number
: Specifies an IPv4 ACL by its number in the range of 2000 to 2999.
http
: Applies an IPv4 ACL to control NETCONF over SOAP over HTTP access.
https
: Applies an IPv4 ACL to control NETCONF over SOAP over HTTPS access.
name ipv4-acl-name
: Specifies an IPv4 ACL by its name. The
acl-name
argument is a
case-insensitive string of 1 to 63 characters. It must start with an English letter. To avoid confusion, it
cannot be
all
.
Usage guidelines
To control NETCONF over SOAP access, specify an ACL that exists and has rules.
•
If the specified ACL exists and has rules, only clients permitted by the ACL can establish
NETCONF over SOAP sessions.
•
If no ACL is applied or the applied ACL does not exist or does not have rules, all NETCONF
clients can establish NETCONF over SOAP sessions.
If you execute the
netconf soap http
acl
command multiple times, the most recent
configuration takes effect. The same is true for the
netconf soap https
acl
command.
Examples
# Use IPv4 ACL 2001 to allow only NETCONF clients from subnet 10.10.0.0/16 to establish
NETCONF over SOAP over HTTP sessions.
<Sysname> system-view
[Sysname] acl basic 2001
Summary of Contents for SOHO IE4300
Page 285: ...i Contents Tcl commands 1 cli 1 tclquit 1 tclsh 2...
Page 288: ...i Contents Python commands 1 exit 1 python 1 python filename 2...
Page 291: ...i Contents Automatic configuration commands 1 autodeploy udisk enable 1...
Page 323: ...25 Sysname Ten GigabitEthernet1 0 51 undo shutdown Related commands irf port...
Page 465: ...ii stp vlan enable 55 vlan mapping modulo 55...
Page 602: ...12 Related commands display mvrp statistics...
Page 609: ...i Contents VLAN mapping commands 1 display vlan mapping 1 vlan mapping 2...
Page 678: ...9 Related commands reset pppoe relay statistics...
Page 846: ...i Contents Basic IP forwarding commands 1 display fib 1 ip forwarding table save 2...
Page 1770: ...i Contents Time range commands 1 display time range 1 time range 1...
Page 2026: ...34 Related commands display mac authentication...
Page 2028: ...ii...
Page 2143: ...i Contents User profile commands 1 display user profile 1 user profile 2...
Page 2308: ...61 ipsec transform set...
Page 2531: ...i Contents SAVI commands 1 ipv6 savi down delay 1 ipv6 savi log enable 1 ipv6 savi strict 2...
Page 2534: ...3 Sysname ipv6 savi strict Related commands ipv6 verify source...
Page 2791: ...14 Sysname track 1 Related commands delay display track...
Page 2939: ...9 sntp authentication keyid sntp reliable authentication keyid...
Page 2967: ...27 Related commands apply poe profile poe enable poe max power interface view poe priority...