Copyright © TIBCO Software Inc. All Rights Reserved
Copyright © TIBCO Software Inc. All Rights Reserved


Chapter 1 CLI Commands by Level : Access Control List CONFIG Commands

Access Control List CONFIG Commands
All CLI Access Control List CONFIG commands for configuring client connection access control parameters are listed in Table 11 in alphabetical order.
All CLI Access Control List CONFIG commands for configuring subject access controls for ACL client profiles are listed in Table 12 in alphabetical order.
The Access Control List CONFIG level allows you to configure client connection access controls for the P-7500 system. It also allows you to create and configure ACL client profiles for controlling to subject publishing and subscriptions.
You reach this level by entering either acl client-connect or create acl profile <name> (or acl profile <name> if the profile already exists) at the Global CONFIG level, where name is the name of the specified ACL profile.
Client connection example:
tibco# configure
tibco(config)# acl client-connect
tibco(config-acl-cc)#
The CLI is now at the ACL Client Connect CONFIG level for configuring client connection access control parameters default-action and exception.
Note: The no version (no acl client-connect) removes the client connection access control configuration from the P-7500 system.
ACL client profile example:
tibco# configure
tibco(config)# create acl profile bob
tibco(config-acl-profile)#
The CLI is now at the ACL Profile CONFIG level for configuring subject access control parameters default-action and exception on ACL client profiles.
Note: The no version (no acl profile <name>) deletes the specified ACL profile from the P-7500 system.
Table 12 Access Control List CONFIG Commands for ACL client profiles
(config-acl-cc)# default-action
Description
Use this command to set the default action for client connection access attempts.
Syntax
default-action {allow | disallow}
Where:
allow configures the client connection access to allow connections
disallow configures the client connection access to block connections (system default)
Example
tibco# configure
tibco(config)# acl client-connect
tibco(config-acl-cc)# default-action allow
(config-acl-cc)# exception
Description
Use this command to set the exceptions to the default action for client connection access attempts.
The no version removes the excepted client from the default action.
Syntax
exception cidr-addr
Where:
cidr-addr is the IP address and network mask combination of the excepted client in Classless Inter-Domain Routing (CIDR) form: nnn.nnn.nnn.nnn/dd (where nnn is 0-255, dd is 0-32)
Example
tibco# configure
tibco(config)# acl client-connect
tibco(config-acl-cc)# exception 172.200.0.0/16
(config-acl-profile)# publish-subject
Description
Use this command to configure the publishing subject access control parameters for ACL profiles.
Syntax
publish-subject
The publish-subject command does not have any parameters of subcommands.
Example
Entering the publish-subject ACL Profile CONFIG command moves you to the ACL Profile Publish Subject CONFIG level for configuring parameters default-action and exception.
tibco(config-acl-profile)# publish-subject
tibco(config-acl-profile-publish-subject)#
(config-acl-profile-publish-subject)# default-action
Description
Use this command to set the default action for publishing subject access attempts.
Syntax
default-action {allow | disallow}
Where:
allow configures the publishing subject access to allow the publishing of subjects (system default)
disallow configures the publishing subject access to block the publishing of subjects
Example
tibco# configure
tibco(config)# create acl profile bob
tibco(config-acl-profile)# publish-subject
tibco(config-acl-profile-publish-subject)# default-action disallow
(config-acl-profile-publish-subject)# exception
Description
Use this command to set the exceptions to the default action for publishing subject access attempts.
Syntax
exception <subject>
Where:
<subject> is the name of the publishing subject to be excepted in the form a.b.c
Example
tibco# configure
tibco(config)# create acl profile bob
tibco(config-acl-profile)# publish-subject
tibco(config-acl-profile-publish-subject)# exception animals.canines.dogs
(config-acl-profile)# subscribe-subject
Description
Use this command to configure the subscription subject access control parameters for ACL profiles.
Syntax
subscribe-subject
The subscribe-subject command does not have any parameters of subcommands.
Example
Entering the subscribe-subject ACL Profile CONFIG command moves you to the ACL Profile Subscribe Subject CONFIG level for configuring parameters default-action and exception.
tibco(config-acl-profile)# subscribe-subject
tibco(config-acl-profile-subscribe-subject)#
(config-acl-profile-subscribe-subject)# default-action
Description
Use this command to set the default action for subscription subject access attempts.
Syntax
default-action {allow | disallow}
Where:
allow configures the subscription subject access to allow the subscribing to subjects (system default)
disallow configures the subscription subject access to block the subscribing to subjects
Example
tibco# configure
tibco(config)# create acl profile bob
tibco(config-acl-profile)# subscribe-subject
tibco(config-acl-profile-subscribe-subject)# default-action disallow
(config-acl-profile-subscribe-subject)# exception
Description
Use this command to set the exceptions to the default action for subscription subject access attempts.
Syntax
exception <subject>
Where:
<subject> is the name of the subscription subject to be excepted in the form a.b.c
Example
tibco# configure
tibco(config)# create acl profile bob
tibco(config-acl-profile)# subscribe-subject
tibco(config-acl-profile-subscribe-subject)# exception animals.felines.cats

Copyright © TIBCO Software Inc. All Rights Reserved
Copyright © TIBCO Software Inc. All Rights Reserved