Print this pagePrint this page

Email this topicEmail this topic

View PDFView PDF

Download EPUBDownload EPUB

no management access-list

This command deletes the MACAL identified by name from the system.

Format no management access-list name
Mode Global Config

{deny | permit} (Management ACAL)

This command creates a new rule for the current management access list. A rule may either deny or permit traffic according to the specified classification fields. Rules with ethernet, vlan and port-channel parameters will be valid only if an IP address is defined on the appropriate interface. Each rule should have a unique priority.

Format {deny | permit} [ethernet interface-number | vlan vlan-id | port-channel number] [service service] [priority priority-value]

{deny | permit} ip-source ip-address [mask mask | prefix-length] [ethernet interface-number | vlan vlan-id | port-channel number] [service service] [priority priority-value]
Mode Management-ACAL Config
Parameter Description
ethernet Ethernet port number.
ip-source Source IP address
port-channel Port-channel number.
priority Priority for rule.
service Service type condition, which can be one of the following key words:
  • java
  • tftp
  • telnet
  • ssh
  • http
  • https
  • snmp
  • sntp
  • any
vlan VLAN number.
mask The network mask of the source IP address (0–32)
prefix-length The number of bits that comprise the source IP address prefix. prefix length must be preceded by a forward slash (/).

The following example shows how to configure two management interfaces:

ethernet 0/1 and ethernet 0/9.
(Extreme 220) (Config) #management access-list mlist
(Extreme 220) (config-macal)#permit ethernet 0/1 priority 63
(Extreme 220) (config-macal)#permit ethernet 0/9 priority 64
(Extreme 220) (config-macal)#exit
(Extreme 220) (Config) #management access-class mlist

The following example shows how to configure all the interfaces to be management interfaces except for two interfaces: ethernet 0/1 and ethernet 0/9.

(Extreme 220) (Config) #management access-list mlist
(Extreme 220) (config-macal)#deny ethernet 0/1 priority 62
(Extreme 220) (config-macal)#deny ethernet 0/9 priority 63
(Extreme 220) (config-macal)#permit priority 64
(Extreme 220) (config-macal)#exit
Published February 2019prev | next

Email this topicEmail this topic

Print this pagePrint this page