I need Edit the ACL policy in EXOS

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered

I cant edit the ACL policy. i need add others IP ́s direction

Slot-2 SW.1 # sh policy Regla_acceso
Policies at Policy Server:
Policy: Regla_acceso
entry bLoqueo_SSH {
if match any {
    source-address 10.170.x.x/32 ;
    source-address 10.170.d.d/32 ;
    source-address 10.170.x.x/24 ;
    }
then {
    permit  ;
}
}
Number of clients bound to policy: 1
Client: exsshd bound once

Slot-2 SW.1 #

*******************************************************************************************

i try with these commands but it dont make the change

• i - To insert text ahead of the initial cursor position.

• a- To append text after the initial cursor position.

• dd - To delete the current line.

• yy - To copy the current line.

• p - To paste the line copied.

• :w - To write (save) the file.

• :q - To quit the file if no changes were made.

• :q! - To forcefully quit the file without saving changes.

• :wq - To write and quit the file.



Photo of Daniel Valera

Daniel Valera

  • 734 Points 500 badge 2x thumb

Posted 3 years ago

  • 0
  • 1
Photo of Taykin Izzet

Taykin Izzet , Employee

  • 2,924 Points 2k badge 2x thumb
Daniel,

You might need to press the escape key before using 'i'
to insert while in VI. Sometimes it makes it easier if you write the policy in a text
editor outside of EXOS, then past it in VI editor. If using VI, press escape once again to exit the input mode. It also helps to press escape before pasting into VI.
(Edited)
Photo of Grosjean, Stephane

Grosjean, Stephane, Employee

  • 12,816 Points 10k badge 2x thumb
Hi,

Just checking, you are into the text editor when trying to make the change, right?

# vi Regla_acceso.pol

or

# edit policy Regla_acceso

from there, you should be able to modify your file with the vi command listed.
Photo of Dorian Perry

Dorian Perry, Employee

  • 2,300 Points 2k badge 2x thumb
Hi Daniel,

I want to confirm the suggestion from Stephane.

The provided output shows that you are running the "show policy <name>", which only prints the policy to the screen.

To edit the policy use the vi editor with the command: "vi <pol_name>" or the command "edit policy <pol_name>".
Photo of Mareen

Mareen

  • 364 Points 250 badge 2x thumb
I agree with Dorian, you have to edit the policy wit the vi editor :)
Photo of Drew C.

Drew C., Community Manager

  • 38,494 Points 20k badge 2x thumb
Since this thread has been bumped, it should also be mentioned that you'll need to refresh the policy after editing to make it take effect.
See this article for more information:  Policy is not taking effect after changes have been made to the existing policy file