Configuring TTY Access Control on FlexSwitch

The process of configuring TTY access control is essentially identical to applying a port ACL. The main difference is that it is usually applied to the management port (ma1).

Create a TTY ACL using the REST Interface

Create the IPv4 ACL Filters

This example creates four IPv4 ACL filters that are later applied to an ACL. Each filter matches a single source host (SourceMask 255.255.255.255).

curl -k -u admin:mysnaproute -H "Content-Type: application/json" -d '{"FilterName":"ipv4filter1", "SourceIp":"10.10.10.1", "SourceMask":"255.255.255.255"}' https://192.168.100.116/public/v1/config/AclIpv4Filter

curl -k -u admin:mysnaproute -H "Content-Type: application/json" -d '{"FilterName":"ipv4filter2", "SourceIp":"10.10.10.2", "SourceMask":"255.255.255.255"}' https://192.168.100.116/public/v1/config/AclIpv4Filter

curl -k -u admin:mysnaproute -H "Content-Type: application/json" -d '{"FilterName":"ipv4filter3", "SourceIp":"10.10.10.3", "SourceMask":"255.255.255.255"}' https://192.168.100.116/public/v1/config/AclIpv4Filter

curl -k -u admin:mysnaproute -H "Content-Type: application/json" -d '{"FilterName":"ipv4filter4", "SourceIp":"10.10.10.4", "SourceMask":"255.255.255.255"}' https://192.168.100.116/public/v1/config/AclIpv4Filter

Create a New ACL

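This example creates a new ACL of type VTYv4 on ma1 and applies the four filters created in the example above. The first request creates the ACL; the other three use PATCH against the same AclName.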

curl -k -u admin:mysnaproute  -H "Content-Type: application/json" -d '{"AclName":"aclipv4", "FilterName":"ipv4filter1", "IntfList":["ma1"], "Priority":10, "Stage":"IN", "Action":["DENY"], "AclType": "VTYv4"}' https://192.168.100.116/public/v1/config/Acl

curl -X PATCH -k -u admin:mysnaproute  -H "Content-Type: application/json" -d '{"AclName":"aclipv4", "FilterName":"ipv4filter2", "IntfList":["ma1"], "Priority":10, "Stage":"IN", "Action":["DENY"], "AclType": "VTYv4"}' https://192.168.100.116/public/v1/config/Acl

curl -X PATCH -k -u admin:mysnaproute  -H "Content-Type: application/json" -d '{"AclName":"aclipv4", "FilterName":"ipv4filter3", "IntfList":["ma1"], "Priority":10, "Stage":"IN", "Action":["DENY"], "AclType": "VTYv4"}' https://192.168.100.116/public/v1/config/Acl

curl -X PATCH -k -u admin:mysnaproute  -H "Content-Type: application/json" -d '{"AclName":"aclipv4", "FilterName":"ipv4filter4", "IntfList":["ma1"], "Priority":10, "Stage":"IN", "Action":["DENY"], "AclType": "VTYv4"}' https://192.168.100.116/public/v1/config/Acl
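
The same request sequence generated from a host list, as an added example that is not FlexSwitch code: it validates each source address, keeps TLS certificate verification on by using --cacert in place of -k, and reads the login from a netrc file in place of -u. The CA_FILE and NETRC paths are assumptions, as is a switch certificate issued for the address in SWITCH.

```sh
# Added example, not FlexSwitch code. SWITCH, CA_FILE and NETRC are assumptions.
SWITCH="${SWITCH:-192.168.100.116}"
CA_FILE="${CA_FILE:-./flexswitch-ca.pem}"  # hypothetical: CA that signed the switch certificate
NETRC="${NETRC:-./flexswitch.netrc}"       # hypothetical: mode 0600 netrc entry for the switch

# Succeeds only for a dotted-quad address with every octet in 0..255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print "METHOD PATH BODY" per request in the page's order: one filter per
# host, then POST for the first ACL entry and PATCH for each later one.
plan_requests() {
    acl=$1; prefix=$2; shift 2
    case "$acl$prefix" in ''|*[!A-Za-z0-9_]*) echo "bad name" >&2; return 1 ;; esac
    [ "$#" -gt 0 ] || { echo "no source addresses given" >&2; return 1; }
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid source address: $ip" >&2; return 1; }
    done
    n=0
    for ip in "$@"; do
        n=$((n + 1))
        printf 'POST /public/v1/config/AclIpv4Filter {"FilterName":"%s%s","SourceIp":"%s","SourceMask":"255.255.255.255"}\n' "$prefix" "$n" "$ip"
    done
    n=0
    for ip in "$@"; do
        n=$((n + 1)); method=PATCH; [ "$n" -eq 1 ] && method=POST
        printf '%s /public/v1/config/Acl {"AclName":"%s","FilterName":"%s%s","IntfList":["ma1"],"Priority":10,"Stage":"IN","Action":["DENY"],"AclType":"VTYv4"}\n' "$method" "$acl" "$prefix" "$n"
    done
}

# Send the plan with certificate verification left on (no -k) and the password
# read from a netrc file instead of appearing in the process list (no -u).
send_requests() {
    plan=$(plan_requests "$@") || return 1
    printf '%s\n' "$plan" | while read -r method path body; do
        curl --fail --silent --show-error --cacert "$CA_FILE" --netrc-file "$NETRC" \
            -X "$method" -H "Content-Type: application/json" -d "$body" \
            "https://$SWITCH$path" || exit 1
    done
}

# Dry run: print the requests for the four hosts used on this page.
plan_requests aclipv4 ipv4filter 10.10.10.1 10.10.10.2 10.10.10.3 10.10.10.4
```

Calling send_requests with the same arguments sends the plan; a bad address or name stops it before any request is made.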

Create a TTY ACL using the FlexSwitch CLI

Create a Filter

The following example demonstrates how to create an ACL filter using the CLI. The filter created in this example is applied to an ACL created later in this article.

localhost(config)#aclipv4filter ttyfilter1
localhost(config-aclIPv4Filter)#srcIp 10.10.10.1
localhost(config-aclIPv4Filter)#srcMask 255.255.255.255

Verify that the filter was correctly configured.

localhost(config-aclIPv4Filter)#showunapplied 
Pending Config
NOTE: If attribute is not user provisioned default values shown, when config is applied a
read before write action will occur to fill in values of attributes not set by user.

id: 1   object: AclIpv4Filter   status: PENDING CONFIG  valid: True delete: False num user cmds: 3
 command                     attr             value              model attr    iskey    required    userprov    time provisioned         
-----------------------------------------------------------------------------------------------------------------------------------------
 aclipv4filter ttyfilter1    aclipv4filter    ttyfilter1         FilterName    True     X           X           Fri Aug  4 16:10:03 2017 
 srcIp 10.10.10.1            srcIp            10.10.10.1         SourceIp      False                X           Fri Aug  4 16:11:17 2017 
 srcMask 255.255.255.255     srcMask          255.255.255.255    SourceMask    False                X           Fri Aug  4 16:11:30 2017 

Apply the Configuration

localhost(config-aclIPv4Filter)#apply
Applying Config:
id: 1   object: AclIpv4Filter   status: APPLIED CONFIG  valid: True delete: False num user cmds: 3
 command                     attr             value              model attr    iskey    required    userprov    time provisioned         
-----------------------------------------------------------------------------------------------------------------------------------------
 aclipv4filter ttyfilter1    aclipv4filter    ttyfilter1         FilterName    True     X           X           Fri Aug  4 16:10:03 2017 
 srcIp 10.10.10.1            srcIp            10.10.10.1         SourceIp      False                X           Fri Aug  4 16:11:17 2017 
 srcMask 255.255.255.255     srcMask          255.255.255.255    SourceMask    False                X           Fri Aug  4 16:11:30 2017 

sdk:createAclIpv4Filter(ttyfilter1,L4MinPort=0,L4DstPort=0,Proto=,SourceMask=255.255.255.255,DestIp=,L4SrcPort=0,DestMask=,DstIntf=0,SrcIntf=0,L4MaxPort=0,SourceIp=10.10.10.1,L4PortMatch=) result: SUCCESS: http status code: 201

Create the ACL

localhost(config)#acl ttyacl
localhost(config-acl)#aclType VTYv4
localhost(config-acl)#action DENY
localhost(config-acl)#filterName ttyfilter1
localhost(config-acl)#interface ma 1
localhost(config-acl)#priority 10
localhost(config-acl)#stage IN

Verify the Configuration

localhost(config-acl)#showunapplied 
Pending Config
NOTE: If attribute is not user provisioned default values shown, when config is applied a
read before write action will occur to fill in values of attributes not set by user.

id: 1   object: Acl   status: PENDING CONFIG  valid: True delete: False num user cmds: 7
 command                  attr          value         model attr    iskey    required    userprov    time provisioned         
------------------------------------------------------------------------------------------------------------------------------
 acl ttyacl               acl           ttyacl        AclName       True     X           X           Mon Aug  7 10:18:27 2017 
 aclType VTYv4            aclType       VTYv4         AclType       False                X           Mon Aug  7 10:18:40 2017 
 action DENY              action        ['DENY']      Action        False    X           X           Mon Aug  7 10:19:08 2017 
 filterName ttyfilter1    filterName    ttyfilter1    FilterName    False                X           Mon Aug  7 10:19:40 2017 
 interface ma 1           ma            ['1']         IntfList      False    X           X           Mon Aug  7 10:19:48 2017 
 priority 10              priority      10            Priority      False                X           Mon Aug  7 10:19:55 2017 
 stage IN                 stage         IN            Stage         False                X           Mon Aug  7 10:20:05 2017 

Apply the Configuration

localhost(config-acl)#apply
Applying Config:
id: 1   object: Acl   status: APPLIED CONFIG  valid: True delete: False num user cmds: 7
 command                  attr          value         model attr    iskey    required    userprov    time provisioned         
------------------------------------------------------------------------------------------------------------------------------
 acl ttyacl               acl           ttyacl        AclName       True     X           X           Mon Aug  7 10:18:27 2017 
 aclType VTYv4            aclType       VTYv4         AclType       False                X           Mon Aug  7 10:18:40 2017 
 action DENY              action        ['DENY']      Action        False    X           X           Mon Aug  7 10:19:08 2017 
 filterName ttyfilter1    filterName    ttyfilter1    FilterName    False                X           Mon Aug  7 10:19:40 2017 
 interface ma 1           ma            ['1']         IntfList      False    X           X           Mon Aug  7 10:19:48 2017 
 priority 10              priority      10            Priority      False                X           Mon Aug  7 10:19:55 2017 
 stage IN                 stage         IN            Stage         False                X           Mon Aug  7 10:20:05 2017 

sdk:createAcl(ttyacl,['ma1'],['DENY'],Priority=10,AclType=VTYv4,CpuQueue=0,FilterName=ttyfilter1,Stage=IN) result: SUCCESS: http status code: 201

Verify that the Configuration was Successfully Applied

localhost(config)#show acl
Applying Show:
-----------------------------------------------------------------
 AclName    Priority    AclType    Stage    IntfList    HitCount 
-----------------------------------------------------------------
 ttyacl     10          VTYv4      IN       [u'ma1']    0        
sdk:printAclStates() result: SUCCESS
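
A scripted version of this last check, as an added example that is not FlexSwitch code: it reads captured show acl output and succeeds only if the named ACL is an inbound VTYv4 ACL bound to the given interface. The sample input is the table from this page; how the CLI output is captured is an assumption left to the reader.

```sh
# Added example, not FlexSwitch code. Sample input: the show acl table from this page.
sample_show_acl() {
cat <<'EOF'
-----------------------------------------------------------------
 AclName    Priority    AclType    Stage    IntfList    HitCount
-----------------------------------------------------------------
 ttyacl     10          VTYv4      IN       [u'ma1']    0
sdk:printAclStates() result: SUCCESS
EOF
}

# Read show acl output on stdin. Print the HitCount and return 0 only if ACL $1
# exists with AclType VTYv4, Stage IN and interface $2 in its IntfList.
check_tty_acl() {
    awk -v name="$1" -v intf="$2" '
        $1 == name && NF >= 6 {
            # IntfList may hold several entries split across fields; rejoin them.
            list = ""
            for (i = 5; i < NF; i++) list = list $i
            if ($3 != "VTYv4") reason = "AclType is " $3
            else if ($4 != "IN") reason = "Stage is " $4
            else if (!index(list, "\047" intf "\047")) reason = intf " not in " list
            else { print $NF; ok = 1 }
        }
        END {
            if (!ok) print "check failed: " (reason ? reason : "no ACL named " name) > "/dev/stderr"
            exit (ok ? 0 : 1)
        }'
}

# HitCount is printed so a caller can tell whether the ACL has matched any traffic.
sample_show_acl | check_tty_acl ttyacl ma1
```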