Management Access Control and Administration List

Use the Management Access List Configuration page to create and configure a management access list to help secure access to the switch management features. The Management Access Control and Administration List (MACAL) feature is used to ensure that only known and trusted devices are allowed to remotely manage the switch via TCP/IP.

This page provides the capability to add, edit, and remove MACALs. MACALs can be applied only to in-band ports and cannot be applied to the service port.

To access this page, click System > Management Security > Access Profile in the navigation menu.

Note

Profile rules cannot be added or modified when a profile is active. To add or edit a profile, the Active Profile field must be set to None.
  • To add a new MACAL, click Add. The Add Profile Rule dialog box opens. Specify the rule criteria in the available fields.
  • To edit an existing rule, select the appropriate checkbox or click the row to select the rule, and then click Edit. The Edit Profile Rule dialog box opens. Modify the rule criteria as needed.
  • To remove a Profile Rule, select one or more table entries and click Remove to delete the selected entries.

Management Access List Configuration Fields

Field: Description

Access Profile: Profile name for the Management Access Control list. One user-defined Access Profile can be created.

Active Profile: Currently enabled profile name.

Packets Filtered: The number of packets filtered due to matching a rule in the MACAL.

Interface: The port/interface or trunk ID.

Management Method: The type of action taken by the access control list:
  • Permit: Allows management access that matches the rule's conditions.
  • Deny: Denies management access that matches the rule's conditions.

In the Add or Edit Profile Rule dialog, this is specified using the Action field.

Source IP Address: IP address of the device to permit or deny in the management access list.

Subnet Mask: Specifies the network mask of the source IP address.

VLAN: The VLAN ID.

Port Channel: Port channels, also known as LAGs (Link Aggregation Groups), allow one or more full-duplex Ethernet links of the same speed to be aggregated together.

Service: The type of service to permit or deny:
  • ANY
  • Telnet
  • HTTP
  • HTTPS
  • SNMP
  • SSH
  • TFTP
  • SNTP
  • JAVA

Priority: Priority for the rule. Duplicates are not allowed.
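
Because rules cannot be edited while a profile is active, it helps to check a planned rule set offline before setting Active Profile. The following is an added example, not part of the switch software or the vendor's tooling: it validates rules against the fields described above and reports whether a given management station is covered by a Permit rule without also matching a Deny rule. The rule dictionary layout and the function names are assumptions made for this example, and it deliberately does not assume an evaluation order, which this page does not describe.

```python
import ipaddress

# Service and action names as listed in the field table on this page.
SERVICES = {"ANY", "TELNET", "HTTP", "HTTPS", "SNMP", "SSH", "TFTP", "SNTP", "JAVA"}
ACTIONS = {"PERMIT", "DENY"}

# Constructed sample rule set (documentation address ranges), not from a real switch.
SAMPLE_RULES = [
    {"priority": 1, "action": "Permit", "source_ip": "192.0.2.0", "mask": "255.255.255.0", "service": "HTTPS"},
    {"priority": 2, "action": "Permit", "source_ip": "192.0.2.0", "mask": "255.255.255.0", "service": "SSH"},
    {"priority": 3, "action": "Deny", "source_ip": "192.0.2.128", "mask": "255.255.255.128", "service": "ANY"},
]

def rule_network(rule):
    """Build the source network from Source IP Address and Subnet Mask."""
    # strict=False tolerates host bits set in the source address.
    return ipaddress.ip_network(f"{rule['source_ip']}/{rule['mask']}", strict=False)

def lint_rules(rules):
    """Return a list of problems found in a planned rule set."""
    issues, seen = [], set()
    for r in rules:
        tag = f"priority {r['priority']}"
        if r["priority"] in seen:
            issues.append(f"{tag}: duplicate priority")
        seen.add(r["priority"])
        if r["action"].upper() not in ACTIONS:
            issues.append(f"{tag}: unknown action")
        if r["service"].upper() not in SERVICES:
            issues.append(f"{tag}: unknown service")
        try:
            rule_network(r)
        except ValueError:  # malformed address or non-contiguous mask
            issues.append(f"{tag}: bad source address or mask")
    return issues

def matching_rules(rules, station_ip, service):
    """Valid rules whose source network and service cover this station."""
    addr = ipaddress.ip_address(station_ip)
    wanted = ("ANY", service.upper())
    ok = [r for r in rules if not lint_rules([r])]
    hits = [r for r in ok if addr in rule_network(r) and r["service"].upper() in wanted]
    return sorted(hits, key=lambda r: r["priority"])

def lockout_risk(rules, station_ip, service):
    """True if no Permit rule covers the station, or a Deny rule also does."""
    actions = {r["action"].upper() for r in matching_rules(rules, station_ip, service)}
    return "PERMIT" not in actions or "DENY" in actions
```

A station flagged by `lockout_risk` is worth reviewing by hand against the switch's actual rule processing before the profile is activated.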