Chapter 42
Configuring IPv4 and IPv6 Access Control Lists
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
You see the newly associated access list in the list of IP-ACLs.
Example IP-ACL Configuration
To define an IP-ACL that restricts management access using Device Manager, follow these steps:
Step 1
Choose Security > IP ACL.
You see the IP-ACL dialog box in
Click Create to create an IP-ACL.
Step 2
You see the Create IP ACL Profiles dialog box shown in
Enter RestrictMgmt as the profile name and click Create.
Step 3
This creates an empty, IP-ACL named RestrictMgmt (see
Figure 42-8
Select RestrictMgmt and click Rules.
Step 4
You see an empty list of IP filters associated with this IP-ACL.
Click Create to create the first IP filter.
Step 5
You see the Create IP Filter dialog box shown in
Create an IP filter to allow management communications from a trusted subnet:
Step 6
a.
b.
c.
d.
Repeat Step
10.67.16.0/24 subnet.
OL-16184-01, Cisco MDS SAN-OS Release 3.x
RestrictMgmt Profile Added to the List
Choose the permit Action and select 0 IP from the Protocol drop-down menu.
Set the source IP address to 10.67.16.0 and the wildcard mask to 0.0.0.255.
Note
The wildcard mask denotes a subset of the IP Address you want to match against. This
allows a range of addresses to match against this filter.
Check the any check box for the destination address.
Click Create to create this IP filter and add it to the RestrictMgmt IP-ACL.
a
through Step
d
create an IP filter that allows communications for all addresses in the
Figure
42-2.
Figure 42-3
Figure
Figure
42-5.
Cisco MDS 9000 Family CLI Configuration Guide
Example IP-ACL Configuration
.
42-8).
42-11