Example 1: Permit Any Host To Access The Switch Through; Telnet Or Http; Example 2: Permit A Specific Host To Access The Switch; Through Ssh Only - NETGEAR M4200 Software Administration Manual

The following examples show how to configure a management ACL.

Example 1: Permit Any Host to Access the Switch Through

Telnet or HTTP:

Permit any host to access the managed VLAN IP address of 169.254.100.100 through a
Telnet or HTTP connection:
(Netgear Switch) (Config)#ip access-list acl_for_cpu
(Netgear Switch) (Config-ipv4-acl)#permit tcp any 169.254.100.100 0.0.0.0 eq telnet
(Netgear Switch) (Config-ipv4-acl)#deny tcp any any eq http
(Netgear Switch) (Config-ipv4-acl)#permit tcp any 169.254.100.100 0.0.0.0 eq http
(Netgear Switch) (Config-ipv4-acl)#deny tcp any any eq http
(Netgear Switch) (Config-ipv4-acl)#deny every
(Netgear Switch) (Config-ipv4-acl)#exit
(Netgear Switch) (Config)#ip access-group acl_for_cpu control-plane

Example 2: Permit a Specific Host to Access the Switch

Through SSH Only

Permit a specific host access the switch over an SSH connection only.
(Netgear Switch) (Config)#ip access-list acl_for_cpu
(Netgear Switch) (Config-ipv4-acl)#permit tcp 10.100.5.13
(Netgear Switch) (Config-ipv4-acl)#deny tcp any any
(Netgear Switch) (Config-ipv4-acl)#permit every
(Netgear Switch) (Config-ipv4-acl)#exit
(Netgear Switch) (Config)#ip access-group acl_for_cpu control-plane

Configure IPv6 ACLs

This feature extends the existing IPv4 ACL by providing support for IPv6 packet
classification. Each ACL is a set of up to 12 rules applied to inbound traffic. Each rule
specifies whether the contents of a given field should be used to permit or deny access to the
network, and can apply to one or more of the following fields within a packet:
• Source IPv6 prefix
• Destination IPv6 prefix
• Protocol number
• Source Layer 4 port
• Destination Layer 4 port
• DSCP value
• Flow label
Managed Switches
eq ssh
ACLs
213
0.0.0.0 any eq ssh