Access Policy

A default access-policy ID 1 exists for services such as FTP, HTTP, TFTP, Telnet and SSH (optional SNMPv3 and rlogin). Access-policy is globally disabled by default. If enabled the policy will be enabled with mode allow.

VSP-8284XSQ:1(config)#show access-policy

AccessPolicyEnable: on

Id: 1
Name: default
PolicyEnable: true
Mode: allow
Service: ftp|http|tftp|telnet|ssh
Precedence: 128
NetAddrType: any
NetAddr: N/A
NetMask: N/A
TrustedHostAddr: N/A
TrustedHostUserName: none
AccessLevel: readOnly
AccessStrict: false
Usage: 5

This can cause a log message like below if a third party application uses SNMPv2 to communicate with the switch.

Example,

VSP-8284XSQ:1(config)#show log file tail
1 2018-05-17T10:44:47.329Z VSP-8284XSQ CP1 – 0x00004746 – 00000000 GlobalRouter SNMP INFO snmpv3 connection access from IP 10.10.10.10 is denied by no matching policy

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s