Dell 5324 Management ACL

Management ACL 189

Management ACL

management access-list

The

management access-list

Global

Configuration mode command defines an access-list for

management, and enters the access-list for configuration. Once in the access-list configuration

mode, the denied or permitted access conditions are configured with the

deny

and

permit

commands. To remove an access list, use the

no

form of this command.

Syntax

management access-list

name

no management access-list

name

•

name

—The access list name using up to 32 characters.

Default Configuration

This command has no default configuration.

Command Mode

Global Configuration mode

User Guidelines

• This command enters the access-list configuration mode, where the denied or permitted

access conditions with the

deny

and

permit

commands must be defined.

• If no match criteria are defined the default is "deny".

• If reentering to an access-list context, the new rules are entered at the end of the access-list.

• Use the m

anagement access-class

command to select the active access-list.

• The active management list cannot be updated or removed.

• Management ACL requires a valid management interface (valid IFindex). A valid

management interface is an interface with an IP address. A valid (IFindex) management

interface can be a single port, vlan or port-channel. Management ACL only restricts access to

the device for management configuration or viewing.

Contents

Main Notes, Notices, and Cautions Contents 1 Command Groups 2 Command Modes 3 Using the CLI 4 AAA Commands 5 Address Table Commands DELL CONFIDENTIAL PRELIMINARY 9/12/06 FOR PROOF ONLY 6 Clock 7 Configuration and Image Files 8 Ethernet Configuration Commands 9 GVRP Commands 10 IGMP Snooping Commands 11 IP Addressing Commands DELL CONFIDENTIAL PRELIMINARY 9/12/06 FOR PROOF ONLY 12 LACP Commands 13 Line Commands 14 LLDP Commands 15 Management ACL 16 PHY Diagnostics Commands 17 Port Channel Commands 18 Port Monitor Commands 19 QoS Commands 20 Radius Commands DELL CONFIDENTIAL PRELIMINARY 9/12/06 FOR PROOF ONLY 21 RMON Commands 22 SNMP Commands 23 Spanning-Tree Commands 24 SSH Commands 25 Syslog Commands 26 27 System Management 28 TACACS Commands 29 User Interface 30 VLAN Commands 31 Web Server 32 802.1x Commands Page Page Command Groups Introduction Command Groups Page AAA Commands Address Table Commands Clock Commands 24 Displays statically created entries in the bridge- forwarding database Sets the time zone for display purposes. Manually sets the system clock. Configuration and Image Files Commands Ethernet Configuration Commands Displays the backup configuration file contents. 26 GVRP Commands 28 IGMP Snooping Commands Defines a default gateway (router) Sets an IP address IP Addressing LACP Commands Line Commands Deletes entries from the host name-to-address cache LLDP Commands Sets the line for automatic baud rate detection 30 Management ACL Commands PHY Diagnostics Commands 32 Port Channel Commands Enables the egress queues to be expedite queues Port Monitor Commands QoS Commands Maps assigned CoS values to select one of the egress queues. Radius Commands Enables each port trust state RMON Commands SNMP Commands Spanning Tree Commands Page SSH Commands Overrides the default link-type setting Sets the default path cost method. Syslog Commands System Management Commands Reloads the operating system TACACS Commands 40 User Interface Commands Enters the interface configuration (VLAN) mode. Disables the default VLAN functionality Switches the mode to debug VLAN Commands Reserves a VLAN as the internal usage VLAN of an interface. Web Server Commands 42 Generates and displays certificate requests for HTTPS. Configures the active certificate for HTTPS. Imports a certificate signed by Certification Authority for HTTPS. 802.1x Commands Page Command Modes GC (Global Configuration) Mode Page Page IC (Interface Configuration) Mode Sets an IP address Reserves a VLAN as the internal usage VLAN of an interface. LC (Line Configuration) Mode 50 Enables the Simple Network Time Protocol (SNTP) client on an interface. MA (Management Access-level) Mode PE (Privileged User EXEC) Mode Sets the line for automatic baud rate detection deny (management) Defines a deny rule. permit (management) Defines a permit rule. Page SP (SSH Public Key) Mode UE (User EXEC) Mode Page VC (VLAN Configuration) Mode Page Using the CLI CLI Command Modes Introduction User EXEC Mode Privileged EXEC Mode Global Configuration Mode Interface Configuration Mode and Specific Configuration Modes Starting the CLI Editing Features Terminal Command Buffer Negating the Effect of Commands Command Completion Keyboard Shortcuts CLI Command Conventions Page AAA Commands aaa authentication login aaa authentication enable login authentication enable authentication ip http authentication ip https authentication show authentication methods Page password enable password username show users accounts Page Page Address Table Commands bridge address bridge multicast filtering bridge multicast address Page bridge multicast forbidden address bridge multicast forward-all bridge multicast forbidden forward-all bridge aging-time clear bridge port security port security routed secure-address show bridge address-table Page show bridge address-table static show bridge address-table count show bridge multicast address-table 90 show bridge multicast filtering show ports security Page Clock clock set clock source clock timezone + clock summer-time sntp authentication-key sntp authenticate sntp trusted-key sntp client poll timer sntp broadcast client enable sntp anycast client enable sntp client enable (interface) sntp unicast client enable sntp unicast client poll sntp server show clock Page show sntp configuration show sntp status Page Page Configuration and Image Files delete startup-config copy Page Page boot system show running-config show startup-config Page show backup-config Page show bootvar Ethernet Configuration Commands interface ethernet interface range ethernet shutdown description speed duplex negotiation flowcontrol mdix back-pressure port jumbo-frame clear counters set interface active show interfaces configuration Page show interfaces status 130 show interfaces description show interfaces counters Page Page Page show ports jumbo-frame port storm-control include-multicast port storm-control broadcast enable port storm-control broadcast rate 0-65535) show ports storm-control Page GVRP Commands gvrp enable (global) gvrp enable (interface) garp timer gvrp vlan-creation-forbid gvrp registration-forbid clear gvrp statistics show gvrp configuration show gvrp statistics show gvrp error-statistics Page IGMP Snooping Commands ip igmp snooping (Global) ip igmp snooping (Interface) ip igmp snooping mrouter ip igmp snooping host-time-out ip igmp snooping mrouter-time-out ip igmp snooping leave-time-out show ip igmp snooping mrouter show ip igmp snooping interface show ip igmp snooping groups Page Page IP Addressing Commands clear host dhcp ip address ip address dhcp ip default-gateway show ip interface arp arp timeout clear arp-cache show arp ip domain-lookup ip domain-name ip name-server ip host clear host ) show hosts 168 LACP Commands lacp system-priority lacp port-priority lacp timeout show lacp ethernet show lacp port-channel Page Line Commands line bps speed autobaud exec-timeout show line terminal history terminal history size Page Page LLDP Commands lldp enable (global) Syntax lldp enable (interface) lldp timer lldp reinit-delay lldp tx-delay lldp optional-tlv lldp management-address clear lldp rx show lldp configuration show lldp local show lldp neighbors Page Page Management ACL management access-list permit (management) deny (management) management access-class show management access-list show management access-class Page PHY Diagnostics Commands test copper-port tdr show copper-ports tdr show copper-ports cable-length show fiber-ports optical-transceiver 198 The following example displays the optical transceiver diagnostics. The following example displays detailed optical transceiver diagnostics. Page Port Channel Commands interface port-channel interface range port-channel channel-group port channel load balance show interfaces port-channel Page Port Monitor Commands port monitor show ports monitor Page Page QoS Commands qos show qos wrr-queue cos-map wrr-queue bandwidth priority-queue out num-of-queues show qos interface qos map dscp-queue qos trust (Global) qos trust (Interface) qos cos show qos map Page Radius Commands radius-server host radius-server key radius-server retransmit radius-server source-ip radius-server timeout radius-server deadtime show radius-servers 224 The following example displays the RADIUS server settings. RMON Commands show rmon statistics 226 The following table describes the significant fields shown in the display: rmon collection history show rmon collection history show rmon history Page Page rmon alarm show rmon alarm-table show rmon alarm Page rmon event show rmon events show rmon log Page rmon table-size SNMP Commands snmp-server community snmp-server view snmp-server filter snmp-server contact snmp-server location snmp-server enable traps snmp-server trap authentication snmp-server host snmp-server set This snmp-server group snmp-server user Page snmp-server v3-host snmp-server engineID local show snmp engineid show snmp show snmp views show snmp groups show snmp filters show snmp users Page Page Spanning-Tree Commands spanning-tree spanning-tree mode spanning-tree forward-time spanning-tree hello-time spanning-tree max-age spanning-tree priority spanning-tree disable spanning-tree cost spanning-tree port-priority spanning-tree portfast spanning-tree link-type spanning-tree mst priority spanning-tree mst max-hops spanning-tree mst port-priority spanning-tree mst cost spanning-tree mst configuration instance (mst) name (mst) revision (mst) show (mst) exit (mst) abort (mst) spanning-tree pathcost method spanning-tree bpdu clear spanning-tree detected-protocols show spanning-tree Page Page Page Page Page Page Page Page Page Page Page spanning-tree mst mstp-rstp Spanning-tree guard root Page SSH Commands ip ssh port ip ssh server crypto key generate dsa crypto key generate rsa ip ssh pubkey-auth crypto key pubkey-chain ssh user-key key-string show ip ssh show crypto key mypubkey show crypto key pubkey-chain ssh Page Page Syslog Commands logging on logging logging console logging buffered logging buffered size clear logging logging file clear logging file show logging show logging file show syslog-servers Page Page System Management ping traceroute Page Page telnet Page Ports Table resume reload hostname show users show sessions show system show version asset-tag show system id TACACS Commands tacacs-server host tacacs-server key tacacs-server timeout tacacs-server source-ip show tacacs User Interface enable disable login configure exit(configuration) exit(EXEC) end help history history size debug-mode show history show privilege VLAN Commands vlan database vlan default-vlan disable interface vlan interface range vlan name switchport access vlan switchport trunk allowed vlan switchport trunk native vlan switchport general allowed vlan switchport general pvid switchport general ingress-filtering disable switchport general acceptable-frame-type tagged-only switchport forbidden vlan map protocol protocols-group switchport general map protocols-group vlan ip internal-usage-vlan show vlan show vlan internal usage show vlan protocols-groups show interfaces switchport switchport mode switchport customer vlan vlan-id Web Server ip http server ip http port ip https server ip https port crypto certificate generate crypto certificate request Page crypto certificate import ip https certificate crypto certificate export pkcs12 Example The following example exports the certificate and RSA keys. crypto certificate import pkcs12 Page show crypto certificate mycertificate show ip http show ip https Page 802.1x Commands aaa authentication dot1x dot1x system-auto-control dot1x port-control dot1x re-authentication dot1x timeout re-authperiod dot1x re-authenticate dot1x timeout quiet-period dot1x timeout tx-period dot1x max-req dot1x timeout supp-timeout dot1x timeout server-timeout show dot1x 380 The following table describes the significant fields shown in the display: show dot1x users show dot1x statistics Page ADVANCED FEATURES dot1x auth-not-req dot1x multiple-hosts dot1x single-host-violation ) show dot1x advanced The following example displays 802.1X advanced features for the switch.