Controlling Management Access 227
Management Access Configuration Examples
This section contains the following examples:
• Configuring a Management Access List
• Configuring an Authentication Profile
• Configuring the Primary and Secondary RADIUS Servers
• Configuring Password Lockout
Configuring a Management Access List
The commands in this example create a management ACL that permits
access to the switch through the in-band switch ports on VLAN 1 and on port
9 from hosts with an IP address in the 10.27.65.0 subnet. Attempts to access
the management interfaces from any other hosts and on any other interfaces
is denied.
To configure the switch:
1
Create a management ACL and enter the configuration mode for the
ACL.
console#configure
console(config)#management access-list mgmt_ACL
2
Create a rule that allows access from hosts in the 10.27.65.0 network on
VLAN 1 and assign a priority of 1 to the rule.
console(config-macl)#permit ip-source 10.27.65.0
mask 255.255.255.0 vlan 1 priority 1
3
Create a rule that allows access from hosts in the 10.27.65.0 network on
connected to port 9 and assign a priority of 2 to the rule.
console(config-macl)#permit ip-source 10.27.65.0
mask 255.255.255.0 Gi1/0/9 priority 2
console(config-macl)#exit
4
Activate the ACL.
console(config)#management access-class mgmt_ACL
console(config)#exit
To Next Page
Loading...
