R2511-HP MSR Router Series Fundamentals Command Reference(V5)
37
Usage guidelines
After the HTTPS service is associated with an ACL, only the clients permitted by the ACL can access the
device.
The HTTPS service can be associated with a WLAN ACL and basic ACL, and the two types of ACLs will
not overwrite each other. However, ACLs of the same type will overwrite each other. If you execute the ip
https acl command multiple times to associate the HTTPS service with the same type of ACLs, the HTTPS
service is only associated with the ACL specified most recently.
When the HTTPS service is associated with a WLAN ACL, the HTTPS service uses this ACL to filter
wireless clients only, and does not filter wired clients with this ACL.
Examples
# Associate the HTTPS service with ACL 100 to only allow the wireless client with the SSID
user-ssid-name to access the device through HTTP.
<Sysname> system-view
[Sysname] acl number 100
[Sysname-acl-wlan-100] rule permit ssid user-ssid-name
[Sysname-acl-wlan-100] quit
[Sysname] ip https acl 100
# Associate the HTTPS service with ACL 2001 to only allow the clients within the 10.10.0.0/16 network
segment to access the HTTPS server through HTTP.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 10.10.0.0 0.0.255.255
[Sysname-acl-basic-2001] quit
[Sysname] ip https acl 2001
Related commands
• display ip https
• acl number (ACL and QoS Command Reference)
ip https certificate access-control-policy
Use ip https certificate access-control-policy to associate the HTTPS service with a certificate attribute
access control policy.
Use undo ip https certificate access-control-policy to remove the association.
Syntax
ip https certificate access-control-policy policy-name
undo ip https certificate access-control-policy
Default
The HTTPS service is not associated with any certificate attribute access control policy.
Views
System view
Default command level
3: Manage level