management access-listDell™ PowerConnect™ 3324/3348 Switch CLI Guide
Use the management access-list configuration command to define an access-list for management and enter the access-list context for configuration. If you re-enter the command, all the access-list rules for the existing access-list are implicitly removed. Once in the access-list configuration mode, the denied or permitted access conditions are configured with the deny and permit commands. To remove an access list, use the no form of this command.
management access-list name
no management access-list name
This command has no default configuration.
Management Access-list Configuration Mode
Use the management access-class command to select which access-list is active.
The active access-list cannot be updated or removed.
The following example shows how to create an access-list, configure two management interfaces, and make the access-list the active list.
The following example shows how to create an access-list, configure all interfaces to be management interfaces except interfaces ethernet 1/e1 and ethernet 2/e9, and make the access-list the active list.
Use the permit management access-list configuration command to define a permit rule.
permit [ethernet interface-number | vlan vlan-id | port-channel number] [service service]
permit ip-source ip-address [mask mask | prefix-length] [ethernet interface-number | vlan vlan-id | port-channel number] [service service]
This command has no default configuration.
Management Access-list Configuration Mode
Where no parameters are entered, all ports are automatically configured as permitted.
The following example permits all ports in the access-list called mlist.
Console (config)# management access-list mlist Console (config-macl)# permit |
Use the deny management access-list configuration command to define a deny rule.
deny [ethernet interface-number | vlan vlan-id | port-channel number] [service service]
deny ip-source ip-address [mask mask | prefix-length] [ethernet interface-number | vlan vlan-id | port-channel number] [service service]
This command has no default configuration.
Management Access-list Configuration Mode
Where no parameters are entered, all ports are automatically configured as denied.
The following example denies all ports in the access-list.
Console (config)# management access-list mlist Console (config-macl)# deny |
Use the management access-class global configuration command to define which management access-list is used. To disable the restrictions, use the no form of this command.
management access-class {console-only | name}
no management access-class
The default is no restictions.
Global Configuration Mode
There are no user guidelines for this command.
The following example configures an access-list as the management access-list.
Console (config)# management access-class mlist |
Use the show management access-list privileged EXEC command to display management access-lists.
show management access-list [name]
This command has no default configuration.
Privileged EXEC Mode
There are no user guidelines for this command.
The following example displays the active management access-list.
Console# show management access-list mlist ----- permit ethernet 1/e1 permit ethernet 2/e9 ! (Note: all other access implicitly denied) |
Use the show management access-class user EXEC command to display the active management access-list.
show management access-class
This command has no default configuration.
User EXEC Mode
There are no user guidelines for this command.
The following example displays the management access-list information.
Console> show management access-class Management access-class is enabled, using access list mlist |