Management Center services accessible while in a Disabled state
search cancel

Management Center services accessible while in a Disabled state


Article ID: 272044


Updated On:


Management Center - VA Management Center


A service such as HTTP, SNMP or Failover is not enabled in Management Center, but is still accessible from external hosts.


Management Center utilizes the ACL (Access Control List) feature as a host firewall to manage access to system services.

The ACL is enabled by default to prevent access to Failover, HTTP, and SNMP services.

The following rules are present by default,

rule Failover
rule HTTP
rule SNMP
rule ::1/128 Failover
rule ::1/128 HTTP
rule ::1/128 SNMP


The ACL is dynamically updated to remove the respective entries from the ACL when the corresponding feature is enabled as below,

HTTP: security http enable

Failover: failover make-primary or failover make-secondary

SNMP: A rule for a specific host(s) must be added to the ACL as part of the SNMP configuration steps, acl rule x.x.x.x/32 SNMP


System services rely on the ACL feature to manage access to their services, but if the ACL is disabled itself, these services become accessible from all external hosts regardless of their configuration state.


Check if the ACL feature has been disabled using the following command.

MgmtCtr# show running-config acl


If the ACL is in a disabled state, enable it using the following commands.

MgmtCtr# configure t
MgmtCtr(config)# acl enable