Send documentation comments to mdsfeedback-doc@cisco.com
42-12
Cisco MDS 9000 Family Fabric Manager Configuration Guide
OL-17256-03, Cisco MDS NX-OS Release 4.x
Chapter 42 Configuring IPv4 and IPv6 Access Control Lists
Example IP-ACL Configuration
Example IP-ACL Configuration
To define an IP-ACL that restricts management access using Device Manager, follow these steps:
Step 1 Choose Security > IP ACL.
You see the IP-ACL dialog box in Figure 42-2.
Step 2 Click Create to create an IP-ACL.
You see the Create IP ACL Profiles dialog box shown in Figure 42-3.
Step 3 Enter RestrictMgmt as the profile name and click Create.
This creates an empty IP-ACL named RestrictMgmt (see Figure 42-8).
Figure 42-8 RestrictMgmt Profile Added to the List
Step 4 Select RestrictMgmt and click Rules.
You see an empty list of IP filters associated with this IP-ACL.
Step 5 Click Create to create the first IP filter.
You see the Create IP Filter dialog box shown in Figure 42-5.
Step 6 Create an IP filter to allow management communications from a trusted subnet:
a. Choose the permit Action and select 0 IP from the Protocol drop-down menu.
b. Set the source IP address to 10.67.16.0 and the wildcard mask to 0.0.0.255.
Note The wildcard mask denotes a subset of the IP Address you want to match against. This
allows a range of addresses to match against this filter.
c. Check the any check box for the destination address.
d. Click Create to create this IP filter and add it to the RestrictMgmt IP-ACL.
Repeat Step a through Step d to create an IP filter that allows communications for all addresses in the
10.67.16.0/24 subnet.
Step 7 Create an IP filter to allow ICMP ping commands:
a. Choose the permit Action and select 1-ICMP from the Protocol drop-down menu.
b. Check the any check box for the source address.
c. Check the any check box for the destination address.
To Next Page
Loading...
Need help?
General
