DELL 8132 ユーザーズマニュアル
Management ACL Commands
1523
68
Management ACL Commands
In order to ensure the security of the switch management features, the
administrator may elect to configure a management access control list. The
Management Access Control and Administration List (ACAL) component is
used to ensure that only known and trusted devices are allowed to remotely
manage the switch via TCP/IP. Management ACLs are only configurable on
IP (in-band) interfaces, not on the out-of-band interface or the serial port.
When a Management ACAL is enabled, incoming TCP packets initiating a
When a Management ACAL is enabled, incoming TCP packets initiating a
connection (TCP SYN) and all UDP packets will be filtered based on their
source IP address and destination port. Additionally, other attributes such as
incoming port (or port-channel) and VLAN ID can be used to determine if
the traffic should be allowed to the management interface. When the
component is disabled, incoming TCP/UDP packets are not filtered and are
processed normally.
There is also an option to restrict all the above packets from the network
There is also an option to restrict all the above packets from the network
interface. This is done by specifying “console only” in the MACAL
component. If this is enabled, the systems management interface is only
accessible via the serial port. All TCP SYN packets and UDP packets are
dropped except UDP packets sent to the DHCP Server or DHCP Client
ports.
Commands in this Chapter
This chapter explains the following commands:
2CSPC4.X8100-SWUM102.book Page 1523 Friday, March 15, 2013 8:56 AM