How i can enable access list using ip address to ssh login

  • 0
  • 1
  • Problem
  • Updated 1 year ago
  • Not a Problem
hello 
i am facing a problem when i am using ACL for SSH using this code it deny all the ip addresses to login using ssh 

other question what is the differnce between source-address and destination-address

because i saw alot of people in the community posting using   source-address and destination-address to login for ssh how come !!!


entry AllowManagementIP {
    if match any {                            

       source-address 10.10.10.252/32; 

    }

    then {

        permit;

    }
}
Photo of Adnan

Adnan

  • 242 Points 100 badge 2x thumb

Posted 1 year ago

  • 0
  • 1
Photo of Ram

Ram, Employee

  • 1,450 Points 1k badge 2x thumb

Please see the below provided knowledge base articles for your reference:

https://gtacknowledge.extremenetworks.com/articles/Q_A/SSH-Access-Profile

https://gtacknowledge.extremenetworks.com/articles/How_To/Create-an-ACL-on-an-XOS-switch-for-SSH2-service-access

https://gtacknowledge.extremenetworks.com/articles/Q_A/SSH-Access-Profile/?_ga=2.14544561.780693609.....

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-restrict-telnet-access

1. Source-address is where the traffic originating from, like a end user/device (host).
2. Destination-address is where the user traffic destined to communicate (send the data to an end point).

Photo of Sushruth Sathyamurthy

Sushruth Sathyamurthy, Employee

  • 1,008 Points 1k badge 2x thumb
Hi Adnan,

When you configure an ACL for an access profile, in this case - the SSH access profile, there is an implicit deny entry. This means, other than the traffic explicitly allowed (10.10.10.252/32), all other SSH access will be denied.