
service-manage

Function

The service-manage command allows or blocks HTTP, HTTPS, Ping, SSH, SNMP, NETCONF, or Telnet access to a FW.

Format

service-manage { http | https | ping | ssh | snmp | netconf | telnet | all } { permit | deny }

Parameters

Parameter   Description               Value
http        Indicates HTTP.           -
https       Indicates HTTPS.          -
ping        Indicates Ping.           -
ssh         Indicates SSH.            -
snmp        Indicates SNMP.           -
netconf     Indicates NETCONF.        -
telnet      Indicates Telnet.         -
all         Indicates all above.      -
permit      Allows access to a FW.    -
deny        Blocks access to a FW.    -

Views

Ethernet interface view, Ethernet sub-interface view, Eth-Trunk interface view, Eth-Trunk sub-interface view, VLANIF interface view, Tunnel interface view, Dialer interface view, Virtual-Template interface view, Management interface view

Default Level

2: Configuration level

Usage Guidelines

After service-manage enable is configured on an interface, the service-manage command settings take effect. By default, the HTTP, HTTPS, and Ping services are enabled on the management interface, and you can access the device through the management interface without configuring any security policies. The HTTP, HTTPS, Ping, SSH, SNMP, NETCONF, and Telnet services are disabled by default on non-management interfaces. You cannot access the device through non-management interfaces even if security policies are configured to allow access from the security zones of the non-management interfaces to the Local zone.

Packets can access the target interface only when the access management function is enabled on the inbound interface. For example, users want to access GigabitEthernet 0/0/2, and their packets enter the device through GigabitEthernet 0/0/1. The access management function must be enabled on GigabitEthernet 0/0/1. Otherwise, the access to GigabitEthernet 0/0/2 fails.

During Telnet login, data and passwords are transmitted in plaintext mode, causing security risks. To secure data transmission, use STelnet instead.

The access management function controls IPv6 traffic.

For HTTP and HTTPS, if the port number is changed, the service-manage configuration still takes effect. For Telnet, Ping, SSH, NETCONF, and SNMP, if their port numbers change, the service-manage function does not take effect.

Example

# Allow HTTP access to GigabitEthernet 0/0/1 of the FW.

<sysname> system-view
[sysname] interface GigabitEthernet 0/0/1
[sysname-GigabitEthernet0/0/1] service-manage http permit
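
An added example, not from the original page or from Huawei: a Python check that reads a saved configuration and reports interfaces where service-manage permits the plaintext services Telnet or HTTP. The configuration layout, the rule that later lines override earlier ones, and the function names are assumptions; the sample text is constructed.

```python
import re

# Service keywords accepted by service-manage, as listed on this page.
SERVICES = ("http", "https", "ping", "ssh", "snmp", "netconf", "telnet")
PLAINTEXT = {"telnet", "http"}  # cleartext management protocols to flag
RULE = re.compile(r"^service-manage\s+(\S+)\s+(permit|deny)$")
# Constructed sample; the stanza layout ('#' separators, indented lines) is assumed.
SAMPLE = """\
#
interface GigabitEthernet0/0/1
 service-manage http permit
 service-manage ssh permit
#
interface GigabitEthernet0/0/2
 service-manage all permit
 service-manage telnet deny
#
interface GigabitEthernet0/0/3
 service-manage ping permit
#
"""

def permitted_services(config_text):
    """Map each interface to the services its service-manage lines permit."""
    result, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = line.split(None, 1)[1]
            result[current] = set()
        elif raw and not raw[0].isspace():
            current = None  # '#' or another top-level line ends the stanza
        elif current and (m := RULE.match(line)):
            service, action = m.groups()
            # 'all' expands to every service; lines apply in order (assumption).
            targets = set(SERVICES) if service == "all" else {service} & set(SERVICES)
            if action == "permit":
                result[current] |= targets
            else:
                result[current] -= targets
    return result

def plaintext_findings(config_text):
    """Return sorted (interface, service) pairs where a cleartext service is permitted."""
    found = permitted_services(config_text)
    return sorted((i, s) for i, svcs in found.items() for s in svcs & PLAINTEXT)

if __name__ == "__main__":
    print(plaintext_findings(SAMPLE))
```

Only explicit service-manage lines are evaluated; the management-interface defaults described under Usage Guidelines are not modelled.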
Copyright © Huawei Technologies Co., Ltd.