service-manage enable

Function

The service-manage enable command enables interface-specific access control.

The undo service-manage enable command disables interface-specific access control.

Format

service-manage enable

undo service-manage enable

Parameters

None

Views

Ethernet interface view, Ethernet sub-interface view, Eth-Trunk interface view, Eth-Trunk sub-interface view, VLANIF interface view, Tunnel interface view, Dialer interface view, Virtual-Template interface view, Management interface view

Default Level

2: Configuration level

Usage Guidelines

By default, access control is enabled on interfaces. the HTTP, HTTPS, and ping permissions on the management interface are enabled by default. Other interfaces also have the access control management function enabled, but no protocols are allowed.

The interface-specific access control function takes precedence over security policies. For example, if the access control function is enabled on a firewall interface and ping to the interface is not allowed, the firewall cannot be accessed even if security policy is configured. If the ping function is enabled on the interface, the firewall can be accessed without security policy. Therefore, to access a firewall through the preceding protocols, you can use either of the following methods:

Interface-specific access control: Enable the interface-specific access control function and allow firewall access through a specified protocol.
Security policy: Disable the interface-specific access control function and configure a security policy to permit the traffic of the specified protocol.

The access management function controls IPv6 traffic.

Example

# Disable the control access to GigabitEthernet 0/0/1.

<sysname> system-view
[sysname] interface GigabitEthernet 0/0/1
[sysname-GigabitEthernet0/0/1] undo service-manage enable