ACL OVER LOOPBACK
From the OcNOS-RON System Management Guide (System Management Configuration Guide, Access Control Lists Configurations).
A loopback interface ACL provides a basic level of access control for the management applications (Telnet, SSH, SNMP and NTP in the example below) that are reachable in-band through the loopback addresses. The ACL is applied in the ingress direction on interface lo, so it governs only traffic addressed to the loopback addresses.
Note: Refer to the command reference section for limitations, default behavior, and unsupported features.
Topology
Figure 21-32: ACL Loopback Topology
Loopback ACL Configuration
 
#configure terminal
Enter configure mode.
(config)#interface lo
Enter interface mode.
(config-if)#ip address 3.3.3.3/32 secondary
Assign the IPv4 secondary address.
(config-if)#ip address 4.4.4.4/32 secondary
Assign the IPv4 secondary address.
(config-if)#ip address 5.5.5.5/32 secondary
Assign the IPv4 secondary address.
(config-if)#ip address 6.6.6.6/32 secondary
Assign the IPv4 secondary address.
(config-if)#ip address 7.7.7.7/32 secondary
Assign the IPv4 secondary address.
(config-if)#exit
Exit interface mode.
(config)#ip access-list loopback
Create the IPv4 access list named loopback and enter IP ACL configuration mode.
(config-ip-acl)#10 permit tcp any host 3.3.3.3 eq telnet
Permit Telnet sessions from any source to 3.3.3.3. (Telnet is unencrypted; prefer SSH for production management access.)
(config-ip-acl)#20 deny tcp any host 4.4.4.4 eq telnet
Deny Telnet sessions from any source to 4.4.4.4.
(config-ip-acl)#30 permit tcp any host 5.5.5.5 eq ssh
Permit SSH sessions from any source to 5.5.5.5.
(config-ip-acl)#40 deny tcp any host 6.6.6.6 eq ssh
Deny SSH sessions from any source to 6.6.6.6.
(config-ip-acl)#50 deny udp any host 6.6.6.6 eq snmp
Deny SNMP (UDP) from any source to 6.6.6.6.
(config-ip-acl)#60 deny udp any host 7.7.7.7 eq ntp
Deny NTP (UDP) from any source to 7.7.7.7.
(config-ip-acl)#exit
Exit IP ACL configuration mode.
(config)#interface lo
Enter interface mode for lo.
(config-if)#ip access-group loopback in
Apply the loopback ACL in the ingress direction on interface lo.
(config-if)#exit
Exit interface mode.
(config)#exit
Exit configure mode.
Validation
Use the commands below to validate the loopback ACL. With statistics enabled, the [match=N] counter on an entry shows how many packets have hit it; a non-zero counter on a deny entry indicates blocked access attempts against that loopback address.
OcNOS#sh access-lists
IP access list loopback
10 permit tcp any host 3.3.3.3 eq telnet [match=12]
20 deny tcp any host 4.4.4.4 eq telnet [match=12]
30 permit tcp any host 5.5.5.5 eq ssh
40 deny tcp any host 6.6.6.6 eq ssh
50 deny udp any host 6.6.6.6 eq snmp [match=6]
60 deny udp any host 7.7.7.7 eq ntp
 
OcNOS#sh ip access-lists summary
IPV4 ACL loopback
statistics enabled
Total ACEs Configured: 6
Configured on interfaces:
lo - ingress (Router ACL)
Active on interfaces:
lo - ingress (Router ACL)
Configured on line vty:
 
OcNOS#sh running-config aclmgr
ip access-list loopback
10 permit tcp any host 3.3.3.3 eq telnet
20 deny tcp any host 4.4.4.4 eq telnet
30 permit tcp any host 5.5.5.5 eq ssh
40 deny tcp any host 6.6.6.6 eq ssh
50 deny udp any host 6.6.6.6 eq snmp
60 deny udp any host 7.7.7.7 eq ntp
!
interface lo
ip access-group loopback in
!
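The following Python script is an added example and is not part of the OcNOS documentation or the product. It parses the sh access-lists output shown above (embedded as constructed sample input copied from this page), evaluates an arbitrary flow against the entries using first-match-by-sequence-number semantics (an assumption about the platform; the action for a flow that matches no entry is left as a parameter, because the page defers default behavior to the command reference), and reports deny entries with non-zero hit counters together with permit entries for cleartext management protocols. The names parse_access_list, lookup, denied_hits and cleartext_permits are the example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: the "sh access-lists" output from this page,
# embedded so the script runs offline.
SAMPLE_OUTPUT = """\
IP access list loopback
10 permit tcp any host 3.3.3.3 eq telnet [match=12]
20 deny tcp any host 4.4.4.4 eq telnet [match=12]
30 permit tcp any host 5.5.5.5 eq ssh
40 deny tcp any host 6.6.6.6 eq ssh
50 deny udp any host 6.6.6.6 eq snmp [match=6]
60 deny udp any host 7.7.7.7 eq ntp
"""

# Service names used in the ACL; numeric ports are accepted as well.
PORT_NAMES = {"telnet": 23, "ssh": 22, "snmp": 161, "ntp": 123}

# Management services carried in cleartext; a permit for these is worth flagging.
CLEARTEXT_PORTS = {23: "telnet"}

ACE_RE = re.compile(
    r"^(?P<seq>\d+)\s+(?P<action>permit|deny)\s+(?P<proto>tcp|udp)\s+"
    r"(?P<src>any|host \S+)\s+(?P<dst>any|host \S+)"
    r"(?:\s+eq\s+(?P<port>\S+))?"
    r"(?:\s+\[match=(?P<match>\d+)\])?\s*$"
)


@dataclass
class Ace:
    seq: int
    action: str            # "permit" or "deny"
    proto: str             # "tcp" or "udp"
    src: Optional[str]     # None means "any"
    dst: Optional[str]     # None means "any"
    port: Optional[int]    # destination port; None means any port
    matches: int           # value of [match=N], 0 when absent


def _host(field: str) -> Optional[str]:
    return None if field == "any" else field.split()[1]


def _port(field: Optional[str]) -> Optional[int]:
    if field is None:
        return None
    return PORT_NAMES[field] if field in PORT_NAMES else int(field)


def parse_access_list(text: str) -> Tuple[Optional[str], List[Ace]]:
    """Parse 'sh access-lists' output into (list name, ACEs ordered by sequence)."""
    name = None
    aces: List[Ace] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("IP access list "):
            name = line.split(" ", 3)[3]
            continue
        m = ACE_RE.match(line)
        if m:
            aces.append(Ace(
                seq=int(m["seq"]), action=m["action"], proto=m["proto"],
                src=_host(m["src"]), dst=_host(m["dst"]),
                port=_port(m["port"]), matches=int(m["match"] or 0),
            ))
    aces.sort(key=lambda a: a.seq)
    return name, aces


def lookup(aces: List[Ace], proto: str, src: str, dst: str, port: int,
           default: str = "deny") -> str:
    """Return the action for a flow: the first ACE (by sequence) that matches wins.

    First-match semantics are assumed. The action for a flow matching no entry
    is platform-defined (the page defers it to the command reference), so it is
    a parameter rather than hard-coded.
    """
    for a in aces:
        if a.proto != proto:
            continue
        if a.src is not None and a.src != src:
            continue
        if a.dst is not None and a.dst != dst:
            continue
        if a.port is not None and a.port != port:
            continue
        return a.action
    return default


def denied_hits(aces: List[Ace]) -> List[Tuple[int, Optional[str], Optional[int], int]]:
    """Deny entries whose counter is non-zero: blocked management attempts."""
    return [(a.seq, a.dst, a.port, a.matches)
            for a in aces if a.action == "deny" and a.matches > 0]


def cleartext_permits(aces: List[Ace]) -> List[int]:
    """Sequence numbers of permit entries that expose a cleartext service."""
    return [a.seq for a in aces if a.action == "permit" and a.port in CLEARTEXT_PORTS]


if __name__ == "__main__":
    name, aces = parse_access_list(SAMPLE_OUTPUT)
    print(f"ACL {name}: {len(aces)} entries")
    for seq, dst, port, n in denied_hits(aces):
        print(f"  seq {seq}: {n} blocked packet(s) to {dst}:{port}")
    for seq in cleartext_permits(aces):
        print(f"  seq {seq}: permits a cleartext management protocol")
    print("  ssh to 5.5.5.5 ->", lookup(aces, "tcp", "192.0.2.10", "5.5.5.5", 22))
```

Run it against the live output of sh access-lists (for example, collected over SSH on a schedule) to turn the counters into an alert: on the sample above it reports 12 blocked Telnet packets to 4.4.4.4 and 6 blocked SNMP packets to 6.6.6.6, and flags entry 10 for permitting Telnet.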
 
Last modified date: 08/28/2023