Users Guide

Security Commands 1157
console(config)# management access-list mlist
console(config-macal)# deny
management access-class
Use the management access-class command in Global Configuration mode
to restrict management access to the switch to the hosts and services
permitted by a management access-list, or to the console alone. To remove
the restriction, use the no form of this command.
Syntax
management access-class {console-only | name}
no management access-class
name — A valid access-list name. (Range: 1–32 characters)
console-only — The switch can be managed only from the console.
Default Configuration
This command has no default configuration.
Command Mode
Global Configuration mode
User Guidelines
The active management access-list is applied to IPv4 TCP and UDP packets
only; IPv6 and non-TCP/UDP traffic is not evaluated by it.
Packets for certain management protocols are passed to the CPU without
being checked against the management ACL. Specifically, TCP or UDP packets
addressed to the following destination ports are not processed by the
management ACL: DNS (53), DHCP server (67), DHCP client (68), TFTP (69),
Telnet (23), HTTP (80), HTTPS (443), SNMP (161), SSH (22), and JAVA (4242).
Because the management ACL never sees that traffic, a rate-limiting egress
CPU ACL is the appropriate control for mitigating smurf-style flooding of
these ports. Note that this bypass list includes the interactive management
protocols themselves (Telnet, SSH, HTTP, HTTPS, SNMP), so verify on the
running platform which sessions an active list actually blocks before
relying on it as the only access control.
Only a single management access-list can be active at a time; it can
contain up to 64 permit/deny conditions.
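The guidelines above leave a practitioner with two questions: which packets does an active management access-list evaluate at all, and which of my rules can never match because they target a bypassed port? The following model answers both. It is an added example written for this page, not code from the Dell guide or the switch firmware. It assumes a simplified rule model (action, source network in CIDR form, protocol, destination port) rather than the switch's own permit/deny syntax, and assumes first-match-wins with an implicit deny for packets that match no rule; the bypass port list, the IPv4 TCP/UDP restriction and the 64-condition limit are taken from the guidelines as written. The sample list and packets are constructed for the example.

```python
"""Model of the management access-class evaluation described in the User Guidelines.

Added example, not Dell code. Assumptions (not stated by the guide):
  * rules are (action, source CIDR, protocol, destination port) tuples,
  * first matching rule wins,
  * a packet that matches no rule is denied.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Destination ports the guide lists as bypassing the management ACL entirely.
MACL_EXEMPT_PORTS = {
    53: "DNS", 67: "DHCP server", 68: "DHCP client", 69: "TFTP",
    23: "Telnet", 80: "HTTP", 443: "HTTPS", 161: "SNMP", 22: "SSH",
    4242: "JAVA",
}
MAX_CONDITIONS = 64  # documented limit on permit/deny conditions per list


@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    src: Optional[str] = None       # IPv4 network in CIDR form; None matches any source
    proto: Optional[str] = None     # "tcp", "udp" or None for either
    dst_port: Optional[int] = None  # None matches any destination port


@dataclass(frozen=True)
class Packet:
    ip_version: int
    proto: str                      # "tcp", "udp", "icmp", ...
    src: str                        # source address as text
    dst_port: Optional[int]         # None for protocols without ports


def validate(rules: List[Rule]) -> None:
    """Reject a list the switch would not accept: too many conditions or a bad action."""
    if len(rules) > MAX_CONDITIONS:
        raise ValueError(f"management ACL allows at most {MAX_CONDITIONS} conditions")
    for r in rules:
        if r.action not in ("permit", "deny"):
            raise ValueError(f"bad action {r.action!r}")


def macl_applies(pkt: Packet) -> bool:
    """True only if the active management ACL evaluates this packet at all."""
    if pkt.ip_version != 4:
        return False                 # IPv4 only
    if pkt.proto not in ("tcp", "udp"):
        return False                 # TCP/UDP only
    if pkt.dst_port in MACL_EXEMPT_PORTS:
        return False                 # documented bypass ports
    return True


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """Return 'bypass', 'permit' or 'deny' for one packet.

    'bypass' means the list never sees the packet: the CPU receives it
    regardless of the rules. Implicit deny on no match is an assumption.
    """
    validate(rules)
    if not macl_applies(pkt):
        return "bypass"
    for r in rules:
        if r.src is not None and ip_address(pkt.src) not in ip_network(r.src):
            continue
        if r.proto is not None and r.proto != pkt.proto:
            continue
        if r.dst_port is not None and r.dst_port != pkt.dst_port:
            continue
        return r.action
    return "deny"


def ineffective_rules(rules: List[Rule]) -> List[Rule]:
    """Rules pinned to a bypass port: they can never match, whatever they say."""
    return [r for r in rules if r.dst_port in MACL_EXEMPT_PORTS]


# Constructed sample list: permit SSH and a custom TCP service from the
# management subnet, deny everything else.
SAMPLE_MLIST = [
    Rule("permit", "10.0.0.0/24", "tcp", 22),
    Rule("permit", "10.0.0.0/24", "tcp", 8443),
    Rule("deny"),
]

if __name__ == "__main__":
    for r in ineffective_rules(SAMPLE_MLIST):
        print(f"{r} targets bypass port {MACL_EXEMPT_PORTS[r.dst_port]}; it never matches")
    print(evaluate(SAMPLE_MLIST, Packet(4, "tcp", "10.0.0.5", 22)))     # bypass
    print(evaluate(SAMPLE_MLIST, Packet(4, "tcp", "10.0.0.5", 8443)))   # permit
    print(evaluate(SAMPLE_MLIST, Packet(4, "tcp", "192.0.2.9", 8443)))  # deny
```

Running the script flags the SSH rule as ineffective: port 22 is on the bypass list, so the "permit ... 22" condition is dead and the list neither restricts nor enables SSH. The same check applied to a planned rule set before it is activated with management access-class tells you which of your intended restrictions the switch will actually enforce.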
Example
The following example activates the access-list called mlist as the
management access-list.