DELL N3000 User Manual

Configuring Access Control Lists
! Further limit inbound traffic on the in-band management ports.
! Allow only SSH and TFTP from VLAN 99; no telnet, HTTP, HTTPS, or SNMP.
! The management access list actions are performed by the switch
! firmware in addition to the access list actions performed by
! the switching silicon, e.g. reduce-dos-attacks. Note that
! the switch forces TFTP accesses to use the well-known TFTP port
! number 69. The final "permit service any" keeps management
! reachable from interfaces other than VLAN 99; without it the
! list's implicit deny would block management from those interfaces.
!
management access-list mgmt-blocks
permit vlan 99 service ssh
permit vlan 99 service tftp
deny vlan 99 
permit service any
exit
! Create an in-band Management VLAN (99), assign it to two ports
! (gi1/0/47 and gi1/0/48), and add both ACLs and Management ACLs to ALL
! ports in global config mode.
vlan 99
exit
interface vlan 99
ip address dhcp
exit
interface gi1/0/47-48
switchport access vlan 99
exit
! Apply the management ACL globally, require login on SSH sessions,
! generate host keys and enable the SSH server. The DSA host key
! (ssh-dss) is limited to 1024 bits and is rejected by default by
! OpenSSH clients since release 7.0; generate it only if a legacy
! client still needs it.
management access-class mgmt-blocks
line ssh
login authentication default
exit
crypto key generate rsa
crypto key generate dsa
ip ssh server
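As an added example (not part of the Dell manual), the following Python script models how the management access-list above is evaluated so an operator can check what an (interface, service) pair will do before pushing the configuration. It assumes the rules are matched top to bottom with the first match deciding, and that a request matching no rule falls to the list's implicit deny; both are assumptions about switch behaviour to verify against your firmware's release notes. The ACL text embedded in the script is the mgmt-blocks list from the page; the parser, evaluator and function names are this example's own.

```python
"""Offline evaluator for Dell N-series style management access-lists.

Added example, not Dell's own code: models first-match rule evaluation
so an operator can see which (interface, service) pairs a list admits
before applying it. First-match-wins order and the trailing implicit
deny are ASSUMPTIONS about switch behaviour; check your firmware notes.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Management services accepted by the `service` keyword in the manual's
# examples; "any" is handled separately as a wildcard.
SERVICES = ("telnet", "ssh", "http", "https", "snmp", "tftp", "sntp")

# The management access-list from the page above, verbatim.
MGMT_ACL = """
management access-list mgmt-blocks
permit vlan 99 service ssh
permit vlan 99 service tftp
deny vlan 99
permit service any
exit
"""


@dataclass(frozen=True)
class Rule:
    action: str                # "permit" or "deny"
    interface: Optional[str]   # e.g. "vlan 99"; None matches any interface
    service: Optional[str]     # e.g. "ssh"; None matches any service


def parse_management_acl(text: str) -> Tuple[str, List[Rule]]:
    """Parse the CLI lines of one `management access-list` block."""
    name = ""
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.split("!", 1)[0].strip()   # drop '!' comments
        if not line or line == "exit":
            continue
        tokens = line.split()
        if tokens[:2] == ["management", "access-list"]:
            name = tokens[2]
            continue
        action, rest = tokens[0], tokens[1:]
        if action not in ("permit", "deny"):
            raise ValueError(f"unsupported line: {line!r}")
        interface = service = None
        while rest:
            key = rest.pop(0)
            if key in ("vlan", "ethernet", "port-channel"):
                interface = f"{key} {rest.pop(0)}"
            elif key == "service":
                value = rest.pop(0)
                if value != "any":
                    if value not in SERVICES:
                        raise ValueError(f"unknown service {value!r}")
                    service = value
            else:
                raise ValueError(f"unexpected token {key!r} in {line!r}")
        rules.append(Rule(action, interface, service))
    return name, rules


def evaluate(rules: List[Rule], interface: str, service: str) -> str:
    """Return 'permit' or 'deny' for a management request from `interface`.

    The first matching rule wins; a request matching no rule hits the
    implicit deny (assumption, see module docstring).
    """
    for rule in rules:
        if rule.interface is not None and rule.interface != interface:
            continue
        if rule.service is not None and rule.service != service:
            continue
        return rule.action
    return "deny"


def allowed_services(rules: List[Rule], interface: str) -> List[str]:
    """Services that `interface` may reach under this list, in SERVICES order."""
    return [s for s in SERVICES if evaluate(rules, interface, s) == "permit"]


if __name__ == "__main__":
    acl_name, acl_rules = parse_management_acl(MGMT_ACL)
    for intf in ("vlan 99", "vlan 10"):
        print(f"{acl_name}: {intf} -> {allowed_services(acl_rules, intf)}")
```

Running it shows VLAN 99 limited to ssh and tftp while every other interface (vlan 10 here, a made-up example) is left fully open by `permit service any`; if the intent is that management is reachable only from VLAN 99, replace that final permit with explicit permits for the interfaces that need it and let the implicit deny cover the rest.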
Policy Based Routing Examples
ACL That Matches All IP Packets
ip access-list match-all
permit ip any any
exit