3com 3CRUS2475 Manuale Utente

C

HAPTER

 21: M

ANAGEMENT

 ACL C

OMMANDS

Management ACL requires a valid management interface, which is a port, 
VLAN, or port-channnel with an IP address or console interface. 
Management ACL only restricts access to the device for management 
configuration or viewing.

The following example creates a management access list called ‘mlist’, 
configures management Ethernet interfaces g1 and g9 and makes the 
new access list the active list.

The following example creates a management access list called ‘mlist’, 
configures all interfaces to be management interfaces except Ethernet 
interfaces g1 and g9 and makes the new access list the active list.

The permit Management Access-List Configuration mode command 
defines a permit rule. 

permit [ethernet interface-number | vlan vlan-id | port-channel 
port-channel-number |] [service service]

permit ip-source ip-address [mask mask | prefix-length] [ethernet 
interface-number | vlan vlan-id | port-channel port-channel-number |] 
[service service]

■

interface-number — A valid Ethernet port number.

Console(config)# management access-list mlist

Console(config-macl)# permit ethernet 1g

Console(config-macl)# permit ethernet g9

Console(config-macl)# exit

Console(config)# management access-class mlist

Console(config)# management access-list mlist

Console(config-macl)# deny ethernet g1

Console(config-macl)# deny ethernet g9

Console(config-macl)# permit

Console(config-macl)# exit

Console(config)# management access-class mlist