This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How i can enable access list using only mac address to ssh login

How i can enable access list using only mac address to ssh login

Adnan
New Contributor

‎07-17-2017 03:07 AM

Hello

i would like to enable access list using mac address of certain PC

i am asking because i used the same code of access list using only ip address

i used this code

entry AllowManagementIP { if match any { ethernet-source-address F8:A7:BC:E0:D1:AE; } then { permit; } } and it didnt work still eny pc can login using ssh i did refresh policy cammand still the same problem
0 Kudos
21 REPLIES 21

Adnan
New Contributor

‎07-17-2017 05:21 AM



entry AllowManagementIP { if match any { ethernet-source-address F8:A7:BC:E0:D1:AE; } then { permit; } else {
deny all;
} }

Error again: attribiute deny should not have any arguments , "all " is invalid
0 Kudos

AnonymousM
Valued Contributor II

‎07-17-2017 05:17 AM

Myabe just a "deny;" would be enough. Didn't play with policy files for quite some time. 😉

0 Kudos

AnonymousM
Valued Contributor II

‎07-17-2017 05:16 AM

OK. Try to add a deny all at the bottom of the policy
0 Kudos

Adnan
New Contributor

‎07-17-2017 05:03 AM

entry AllowManagementIP { if match any { ethernet-source-address F8:A7:BC:E0:D1:AE; } then { permit; } else {
deny;
} }

it gives me Error
error policy has else clause , which can be used only in clear flow rules
0 Kudos

AnonymousM
Valued Contributor II

‎07-17-2017 04:34 AM

you could just try to use

else {
deny;
}

after your then expression
0 Kudos
GTM-P2G8KFN