Preface
- Text Conventions
- Platform-Dependent Conventions
- Providing Feedback to Us
- Getting Help
- Documentation and Training
About this Guide
- Notational Conventions
Introduction
- WiNG 7.1.X Operating System Overview
- CLI Overview
User Exec Mode Commands
- user-exec-commands
  - captive-portal-page-upload
  - change-password
  - clear
  - clock
  - cluster
  - commit
  - connect
  - crypto
  - create-cluster
  - crypto-cmp-cert-update
  - database
  - database-backup
  - database-restore
  - device-upgrade
  - enable
  - file-sync
  - help
  - join-cluster
  - l2tpv3
  - logging
  - mint
  - no
  - on
  - opendns
  - page
  - ping
  - ping6
  - ssh
  - telnet
  - terminal
  - time-it
  - traceroute
  - traceroute6
  - virtual-machine
  - watch
  - exit
Privileged Exec Mode Commands
- privileged-exec-commands
  - archive
  - boot
  - cd
  - configure
  - copy
  - cpe
  - delete
  - diff
  - dir
  - disable
  - edit
  - erase
  - ex3500
  - factory-reset
  - gps
  - halt
  - mkdir
  - more
  - operational-mode
  - pwd
  - re-elect
  - reload
  - rename
  - rmdir
  - self
  - t5
  - upgrade
  - upgrade-abort
  - raid
  - no
Global Configuration Commands
- global-config-commands
Common Commands
- common-commands
  - clrscr
  - commit
  - exit
  - help
  - no
  - revert
  - service
  - show
  - write
Show Commands
- show-commands
  - show
  - adoption
  - bluetooth
  - boot
  - bonjour
  - captive-portal
  - captive-portal-page-upload (show commands)
  - cdp
  - classify-url
  - clock
  - cluster
  - cmp-factory-certs
  - commands
  - context
  - critical-resources
  - crypto
  - database
  - device-upgrade
  - dot1x
  - dpi
  - environmental-sensor
  - event-history
  - event-system-policy
  - ex3500
  - extdev
  - fabric-attach
  - file
  - file-sync
  - firewall
  - global
  - gps (show command)
  - gre
  - guest-registration
  - interface
  - iot-device-type-imagotag
  - ip
  - ip-access-list-stats
  - ipv6
  - ipv6-access-list
  - l2tpv3
  - lacp
  - ldap-agent
  - licenses
  - lldp
  - logging
  - mac-access-list-stats
  - mac-address-table
  - macauth
  - mac-auth-clients
  - mint
  - ntp
  - password-encryption
  - pppoe-client
  - privilege
  - radius
  - reload
  - rf-domain-manager
  - role
  - route-maps
  - rtls
  - running-config
  - session-changes
  - session-config
  - sessions
  - site-config-diff
  - smart-rf
  - snmpv3 (show command)
  - spanning-tree
  - startup-config
  - t5
  - terminal
  - timezone
  - traffic-shape
  - tron (show command)
  - upgrade-status
  - version
  - vrrp
  - virtual-machine
  - wireless
  - web-filter
  - what
  - wwan
Profiles
- Profile Config Commands
- Device Config Commands
  - adoption-site
  - area
  - channel-list
  - contact
  - country-code
  - floor
  - geo-coordinates
  - hostname
  - lacp
  - layout-coordinates
  - license
  - location
  - mac-name
  - no
  - nsight
  - override-wlan
  - remove-override
  - rsa-key
  - sensor-server
  - timezone
  - trustpoint (device-config-mode)
  - raid
- T5 Profile Config Commands
  - cpe
  - interface
  - ip
  - no
  - ntp
  - override-wlan
  - t5
  - t5-logging
  - use
- EX3524 & EX3548 Profile/Device Config Commands
  - interface
    - interface
    - interface-ge-config commands
      - access-group
      - port
      - power
      - shutdown
      - speed-duplex
      - switch-port
      - use
      - no
    - interface-vlan-config commands
      - ip
      - no
  - ip
  - power
  - upgrade
  - use
  - no
AAA Policy
- aaa-policy-commands
Auto-Provisioning Policy
- auto-provisioning-policy-commands
  - adopt
  - auto-create-rfd-template
  - default-adoption
  - deny
  - evaluate-always
  - redirect
  - upgrade
  - no
    - upgrade
Association-ACL Policy
- Association-acl-policy-commands
  - deny
  - permit
  - no
Access-List Policy
- ip-access-list
- mac-access-list
- ipv6-access-list
- ip-snmp-access-list
- ex3500-ext-access-list
- ex3500-std-access-list
DHCP-Server Policy
- dhcp-server-policy commands
- dhcpv6-server-policy commands
Firewall Policy
- firewall-policy-commands
  - acl-logging
  - alg
  - clamp
  - dhcp-offer-convert
  - dns-snoop
  - firewall
  - flow
  - ip
  - ip-mac
  - ipv6
  - ipv6-mac
  - logging
  - proxy-arp
  - proxy-nd
  - stateful-packet-inspection-12
  - storm-control
  - virtual-defragmentation
  - no
MiNT Policy
- mint-policy-commands
  - level
  - lsp
  - mtu
  - router
  - udp
  - no
Management Policy
- management-policy-commands
RADIUS Policy
- radius-group
  - guest
  - policy
  - rate-limit
  - no
- radius-server-policy
  - authentication
  - bypass
  - chase-referral
  - crl-check
  - ldap-agent
  - ldap-group-verification
  - ldap-server
  - local
  - nas
  - proxy
  - session-resumption
  - termination
  - use
  - no
- radius-user-pool-policy
  - duration
  - user
  - no
Radio-QoS Policy
- radio-qos-policy-commands
Role Policy
- role-policy-commands
SMART-RF Policy
- smart-rf-policy commands
WIPS Policy
- wips-policy-commands
WLAN-QoS Policy
- WLAN-QOS-Policy commands
L2TPv3 Policy
- l2tpv3-policy-commands
- l2tpv3-tunnel-commands
- l2tpv3-manual-session-commands
Router Mode
- router-mode-commands
Routing Policy
- routing-policy-commands
AAA-TACACS Policy
- aaa-tacacs-policy-commands
Meshpoint Policy
- Meshpoint Policy
Passpoint Policy
- passpoint-policy
Crypto-CMP Policy
- crypto-cmp-policy-instance
- other-cmp-related-commands
  - use (other-cmp-related-commands)
  - show (other-cmp-related-commands)
Roaming Assist Policy
- roaming-assist-policy commands
Border Gateway Protocol
- bgp ip-prefix-list
- bgp ip-access-list
- bgp as-path-list
- bgp community-list
- bop ext-community-list
- bgp route-map
- bgp router-config
- bgp neighbor-config
Controller Managed WLAN Use Case
- CREATING A FIRST CONTROLLER MANAGED WLAN
WiNG 7.1 AP Dual Modes of Operation
- Understanding Dual Mode Capability
WiNG AP505 and AP510 REV AA Upgrade Procedure
- Introduction
- Bulk 'Rev: AA' AP505/AP510 Upgrade through Virtual Controller
- Bulk 'Rev:AA' AP5XX Upgrade through WiNG Controller/ExtremeCloud Appliance

ipv6 (management-policy)

Restricts management access to specified hosts and/or subnets based on their IPv6 addresses and prefixes respectively

Supported in the following platforms:

Access Points — AP505i, AP510i, AP510e, AP560i, AP6522, AP6562, AP7161, AP7502, AP7522, AP7532, AP7562, AP7602, AP7612, AP7622, AP763, AP7662, AP8163, AP8543, AP8533.
Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000

Syntax

ipv6 restrict-access [host|ipv6-access-list|subnet]

ipv6 restrict-access host <IPv6> {log|subnet}

ipv6 restrict-access host <IPv6> {log [all|denied-only]}

ipv6 restrict-access host <IPv6> {subnet <IPv6-PREFIX> {log [all|denied-only]}}

ipv6 restrict-access ipv6-access-list <IPv6-ACCESS-LIST-NAME>

ipv6 restrict-access subnet <IPv6-PREFIX> {host|log}

ipv6 restrict-access subnet <IPv6-PREFIX> {log [all|denied-only]}

ipv6 restrict-access subnet <IPv6-PREFIX> {host <IPv6> {log [all|denied-only]}}

Parameters

ipv6 restrict-access host <IPv6> {log [all|denied-only]}

host <IPv6>	Restricts management access to a specified host, based on the host‘s IPv6 address <IPv6> – Specify the host‘s IPv6 address.
log [all\|denied-only]	Optional. Configures a logging policy for access requests all – Logs all access requests, both denied and permitted denied-only – Logs only denied access events (when a host is denied access)

ipv6 restrict-access host <IPv6> {subnet <IPv6-PREFIX> {log [all|denied-only]}}

host <IPv6>	Restricts management access to a specified host, based on the host‘s IPv6 address <IPv6> – Specify the host‘s IPv6 address.
subnet <IPv6-PREFIX>	Optional. Restricts access to the host on a specified IPv6 subnet <IPv6-PREFIX> – Specify the subnet‘s IPv6 prefix in the X:X::X:X/M format.
log [all\|denied-only]	Optional. Configures a logging policy for access requests all – Logs all access requests, both denied and permitted denied-only – Logs only denied access events (when a host/subnet is denied access)

ipv6 restrict-access ipv6-access-list <IPv6-ACCESS-LIST-NAME>

ipv6-access-list <IPv6-ACCESS-LIST-NAME>

Uses an IPv6 ACL (Access Control List) to filter access requests. IPv6 ACLs filter/mark packets based on the IPv6 address from which they arrive. IPv6 hosts configure themselves automatically when connected to an IPv6 network using the ND (neighbor discovery) protocol via ICMPv6 router discovery messages. These hosts require firewall packet protection unique to IPv6 traffic, as IPv6 addresses are composed of eight groups of four hexadecimal digits separated by colons. An existing IPv6 ACL can be created and used in the management policy context to permit or deny access to specific hosts and/or subnets.

<IPv6-ACCESS-LIST-NAME> – Specify the IPv6 ACL name.

ipv6 restrict-access subnet <IPv6-PREFIX> {log [all|denied-only]}

subnet <IPv6-PREFIX>	Restricts management access to a specified IPv6 subnet <IPv6-PREFIX> – Specify the subnet‘s IPv6 prefix in the X:X::X:X/M format.
log [all\|denied-only]	Optional. Configures a logging policy for access requests all – Logs all access requests, both denied and permitted denied-only – Logs only denied access events (when a host/subnet is denied access)

ipv6 restrict-access subnet <IPv6-PREFIX> {host <IPv6> {log [all|denied-only]}}

subnet <IPv6-PREFIX>	Restricts management access to a specified IPv6 subnet <IPv6-PREFIX> – Specify the subnet‘s IPv6 prefix in the X:X::X:X/M format.
host <IPv6>	Optional. Restricts management access to a specific host within the specified subnet <IPv6> – Specify the host‘s IPv6 address.
log [all\|denied-only]	Optional. Configures a logging policy for access requests all – Logs all access requests, both denied and permitted denied-only – Logs only denied access events (when a host/subnet is denied access)

Example

rfs4000-6DB5D4(config-management-policy-test)#ipv6 restrict-access host 2001:fdbc:06cf:0011::13 subnet 2001:fdbc:06cf:0011::0/64 log all

rfs4000-6DB5D4(config-management-policy-test)#show context
management-policy test
 http server
 no ssh
 ipv6 restrict-access host 2001:fdbc:06cf:0011::13 subnet 2001:fdbc:06cf:0011::0/64 log all
rfs4000-6DB5D4(config-management-policy-test)#

Related Commands

no	Removes management access restriction settings

Published April 2019prev | next

Email this topic

Print this page Print this page

Leave feedback Feedback