Deny Telnet Service
This ACL will deny the service of Telnet from being used. The rule must be an extended ACL with Deny. It must be an IPv4, TCP, and be directed at packets going to port 23.
EMS Deny Telnet Procedure
- Open a Panorama PON (EMS) session, click on the Profile icon button and the ACL tab.
- Select the EMS ACL Create a new profile icon and name the ACL profile to DenyTelnet.
- Click on the Create Rule buttonand perform the following steps:
Step 1: Enter "Deny-Telnet" in Rule Name: entry box:
Step 2: Select "Extended ACL" from the ACL Type: Dropdown
Step 3: Select "Deny "from the Action: Dropdown
Step 4: Select "Ipv4" from the Filter Type: Radio Selections
Step 5: Select "Any Mac(s)" from the SourceMAC(s): dropdown
Step 6: Click on the Add button to add the MAC address and bit count to the Source Mac(s) window
Step 7: Select the MAC address entry in the Source Mac(s) window
Step 10: Add "20" to the Distribution Port: entry box
Step 11: Click on the Add button to add the Bound SRC IP(s) and bit count to the Bound SRC IP(s): window
Step 12: Click on the Save button to save the rule profile
- Click on the Apply button to add the ACL profile to the Profile Name window list.
- After the Profile has been generated, the ACL status is displayed. Click on the Close button to complete the ACL profile.
CLI ACL Deny Telnet Procedure
- Open a CLI session and create a new DenyTelnet ACL profile.
ESUx> profile acl create name=DenyTelnet <enter>
success
ESUx> _
|
- From the ESUx> command line, input profile acl edit name=DenyTelnet rule number=1 extended action=deny l2 et=ipv4 sa=any max-macs=1 l3 protocol=tcp l4 deSTination single port=23, and press Enter. Output similar to the following is displayed:
ESUx> profile acl edit name=DenyTelnet rule edit name=AuthorizedMac-1rule number=1 sa=authorized max-macs=1 <enter> success ESUx> _
Verify the CLI entry
- From the ESUx> command line, input profile acl show name=DenyTelnet, and press Enter. Output similar to the following is displayed:
ESUx> profile acl show name=DenyTelnet <enter> | Access Control List Profile | |============================================================================| | Profile Name : DenyTelnet | | | | Rule #1 | | Rule Identifier : Rule-1 | | Type : extended | | Action : deny | | | | Layer 2 | | Ethertype : IPv4 (0x0800) | | 802.1p Priority : n/a | | | | Source MAC(s) | | MAX Source MACs : 1 | | SA #1 : any | | | | Destination MAC(s) | | | | L2 Flags | | DLF : n/a | | | | Layer 3 | | IP TTL : n/a | | IP DSCP : n/a | | IP TOS : n/a | | IP Protocol : tcp (6) | | | | Source IP/Subnet(s) | | | | Destination IP/Subnet(s) | | | | L3 Flags | | DF : n/a | | MF : n/a | | | | Layer 4 | | | | Source | | Type : n/a | | Port : n/a | | Port End : n/a | | | | Destination | | Type : Single | | Port : 23 | | Port End : n/a | | | | L4 Flags | | URG : n/a | | ACK : n/a | | PSH : n/a | | RST : n/a | | SYN : n/a | | FIN : n/a | | | | Meters | | | |============================================================================| ESUx>_
Previous | Next