
Suppose I have a network with user A and node B, which is a subnet router advertising some routes.

Does an ACL restricting the user A from the node B also restrict the user's access to the routes, given that they can't access the node? Or does this work differently and the user can still access the subnet routes?

1 Answer

ACLs specify what you want to have access to by IP, and don't limit discovery of routes. You can restrict a node's 100.x.y.z IP separately from ACLs on the IPs it routes. This of course depends on there being an advertised path that allows for a connection.

So, you could create an ACL to allow access to a subnet without allowing access to the node advertising it.

You could also create an ACL to allow access to only certain subnets, for example:

{
  "Action": "accept",
  "Users": ["group:admins"],
  "Ports": ["10.0.48.0/24:22"],
}

This should give access to the 10.0.48.0/24 subnet on port 22.
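To see why such a rule reaches the routed subnet but not the router's own address, here is an added example (not Tailscale's code, and a deliberately simplified model of its matching: only "accept" rules, user and group identities, and "host:port" entries with IP or CIDR hosts) that evaluates a constructed policy in the same older syntax as the answer above:

```python
import ipaddress
import json

# Constructed policy in the older Tailscale ACL syntax: admins may reach port 22
# on 10.0.48.0/24. No rule names the subnet router's 100.x.y.z address, so that
# address stays unreachable even though the node advertises the route.
POLICY_TEXT = """
{
  "Groups": {"group:admins": ["alice@example.com"]},
  "ACLs": [
    {"Action": "accept", "Users": ["group:admins"], "Ports": ["10.0.48.0/24:22"]}
  ]
}
"""


def expand_users(policy, user):
    """Identities a user matches: the user itself plus every group containing it."""
    names = {user}
    for group, members in policy.get("Groups", {}).items():
        if user in members:
            names.add(group)
    return names


def port_matches(spec, dst_ip, dst_port):
    """Match one 'host:port' entry; host is an IP or CIDR, port is a number or '*'."""
    host, _, port = spec.rpartition(":")
    if port != "*" and int(port) != dst_port:
        return False
    return ipaddress.ip_address(dst_ip) in ipaddress.ip_network(host, strict=False)


def is_allowed(policy_text, user, dst_ip, dst_port):
    """Allow-list evaluation (simplified): True only if some accept rule matches."""
    policy = json.loads(policy_text)
    identities = expand_users(policy, user)
    for rule in policy.get("ACLs", []):
        if rule.get("Action") != "accept":
            continue
        if not identities & set(rule.get("Users", [])):
            continue
        if any(port_matches(p, dst_ip, dst_port) for p in rule.get("Ports", [])):
            return True
    return False
```

With this policy, an admin reaching 10.0.48.17:22 is accepted, while the same admin reaching the router's own 100.101.102.103:22 (a constructed address) or a non-admin reaching the subnet is not.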