Access Policy

A default access policy with ID 1 exists for services such as FTP, HTTP, TFTP, Telnet and SSH (SNMPv3 and rlogin are optional). Access policy is globally disabled by default. When it is enabled, the default policy is enabled with mode allow.

VSP-8284XSQ:1(config)#show access-policy

AccessPolicyEnable: on

Id: 1
Name: default
PolicyEnable: true
Mode: allow
Service: ftp|http|tftp|telnet|ssh
Precedence: 128
NetAddrType: any
NetAddr: N/A
NetMask: N/A
TrustedHostAddr: N/A
TrustedHostUserName: none
AccessLevel: readOnly
AccessStrict: false
Usage: 5

With this default policy in effect, a log message like the one below can appear if a third-party application uses SNMPv2 to communicate with the switch.

Example:

VSP-8284XSQ:1(config)#show log file tail
1 2018-05-17T10:44:47.329Z VSP-8284XSQ CP1 – 0x00004746 – 00000000 GlobalRouter SNMP INFO snmpv3 connection access from IP 10.10.10.10 is denied by no matching policy
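
To find out which management stations are being rejected, the denial messages can be counted per source address. The Python below is an added example, not part of the original post: the function names are hypothetical, and every sample line except the first (copied from the log above) is constructed.

```python
import re
from collections import Counter

# Message wording taken from the log line shown above. The fields in front of
# it (sequence number, timestamp, switch name) are matched by position, so the
# separator characters after "CP1" do not matter.
DENY_RE = re.compile(
    r"^\s*\d+\s+(?P<ts>\S+)\s+(?P<switch>\S+)\s.*?"
    r"\b(?P<service>\S+) connection access from IP (?P<src>\S+) "
    r"is denied by no matching policy\s*$"
)

# Sample input: line 1 is the line from this page; lines 2-4 are constructed
# in the same format (192.0.2.25 is a documentation address).
SAMPLE_LOG = """\
1 2018-05-17T10:44:47.329Z VSP-8284XSQ CP1 – 0x00004746 – 00000000 GlobalRouter SNMP INFO snmpv3 connection access from IP 10.10.10.10 is denied by no matching policy
1 2018-05-17T10:45:47.402Z VSP-8284XSQ CP1 - 0x00004746 - 00000000 GlobalRouter SNMP INFO snmpv3 connection access from IP 10.10.10.10 is denied by no matching policy
1 2018-05-17T10:46:03.118Z VSP-8284XSQ CP1 - 0x00004746 - 00000000 GlobalRouter SNMP INFO snmpv3 connection access from IP 192.0.2.25 is denied by no matching policy
1 2018-05-17T10:46:10.004Z VSP-8284XSQ CP1 - 0x00000000 - 00000000 GlobalRouter SW INFO constructed unrelated message
""".splitlines()


def parse_denials(lines):
    """Yield (timestamp, switch, service, source_ip) for each denial line."""
    for line in lines:
        m = DENY_RE.match(line)
        if m:
            yield m["ts"], m["switch"], m["service"], m["src"]


def denied_sources(lines):
    """Count denials per (service, source IP), most frequent first."""
    counts = Counter((svc, src) for _, _, svc, src in parse_denials(lines))
    return counts.most_common()


if __name__ == "__main__":
    # Print one row per rejected source so it can be compared against the
    # NetAddr / Service fields of the configured access policies.
    for (svc, src), n in denied_sources(SAMPLE_LOG):
        print(f"{n:3d}  {svc:8s} {src}")
```

Each reported source is either a legitimate management station that needs a matching policy for that service, or a host that should not be polling the switch at all.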
