Controlling Management Access 213
Controlling Management Access (CLI)
This section provides information about the commands you use to control
access to the switch management interface. For more information about
these commands, see the
PowerConnect 7000 Series CLI Reference Guide
.
Configuring a Management Access List
Beginning in Privileged EXEC mode, use the following commands to create a
management access list. There is an implicit deny-all rule at the end of every
management ACL. This means that any host that does not meet the criteria
defined in a permit command is denied access to the management interface.
NOTE: Management ACLs can be applied only to in-band ports and cannot be
applied to the OOB port.
Command Purpose
configure Enter Global Configuration mode.
management access-list
name
Define an access list for management, and enter the
access-list for configuration.
permit ip-source
ip-
address
[mask
mask
|
prefix-length
] [
interface-
type interface-number
]
[service
service
] [priority
priority-value
]
Allow access to the management interface from hosts that
meet the specified IP address value and other optional
criteria.
•
interface-type
interface-number
— A valid port, LAG, or
VLAN interface, for example gi1/0/13, port-channel 3, or
vlan 200.
•
ip-address
— Source IP address.
•
mask
mask
— Specifies the network mask of the source
IP address.
•
mask
prefix-length
— Specifies the number of bits that
comprise the source IP address prefix. The prefix length
must be preceded by a forward slash (/). (Range: 0–32)
•
service
service
— Indicates service type. Can be one of
the following: telnet, ssh, http, https, tftp, snmp, sntp, or
any.
•
priority
priority-value
— Priority for the rule. (Range: 1 –
64)
To Next Page
Loading...
