AT-9000 Switch Command Line User’s Guide
1265
Assigning Named
IPv4 and IPv6
ACLs to VTY
Lines
When you create a named IPv4 or IPv6 ACL, you enter the commands in
the IP ACL command mode or the Configuration IPv6 ACL command
mode, respectively. The following examples show how to assign IPv4 and
IPv6 ACLs to VTY lines. See the following:
“Assigning Named IPv4 ACLs to VTY Lines” on page 1265
“Assigning Named IPv6 ACLs to VTY Lines” on page 1266
Assigning Named IPv4 ACLs to VTY Lines
This example creates a Named IPv4 ACL, called “deny-all-but-one,” that
grants IP address 10.0.0.7 full access to the switch and then denies all IP
addresses access to the switch. Then deny-all-but-one is assigned to all
ten VTY lines with the ACCESS-CLASS command. The result of this
example is that only IP address 10.0.0.7 has remote access to the switch.
See Table 139.
awplus(config)# mac access-list
4000 permit ip host 10.0.0.5 host
10.0.0.20
Creates an ACL with an ID number of
4000 that allows IP address 10.0.0.5 full
access to the switch.
awplus(config)# mac access-list
4001 deny ip any host 10.0.0.20
Creates an ACL with an ID number of
4001 that denies all IP addresses access
to the switch.
awplus(config)# line vty 0 9 Access the LINE VTY mode for lines 0
through 9.
awplus(config-line)# access-
class 4000
Assigns ACL 4000 to VTY lines 0 through
9.
awplus(config-line)# access-
class 4001
Assigns ACL 4001 to VTY lines 0 through
9.
Table 138. Assigning MAC ACLs to VTY Lines Example (Continued)
Command Description
Table 139. Assigning Named IPv4 ACLs to VTY Lines Example
Command Description
awplus> enable Enter the Privileged Executive mode from
the User Executive mode.
awplus# configure terminal Enter the Global Configuration mode.
awplus(config)# interface vlan10 Enter the Port Interface mode for VLAN
10.
To Next Page
Loading...
