HP Cisco MDS 9216 - Fabric Switch Configuration Manual page 812

Example IP-ACL Configuration
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
Create an IP filter to allow ICMP ping commands:
Step 7
Choose the permit Action and select 1-ICMP from the Protocol drop-down menu.
a.
Check the any check box for the source address.
b.
Check the any check box for the destination address.
c.
Select 8 echo from the ICMPType drop-down menu.
d.
Click Create to create this IP filter and add it to the RestrictMgmt IP-ACL .
e.
Repeat Step
Step 8 Create a final IP Filter to block all other traffic:
a. Choose the deny Action and select 0 IP from the Protocol drop-down menu.
b. Check the any check box for the source address.
c. Check the any check box for the destination address.
d. Click Create to create this IP filter and add it to the RestrictMgmt IP-ACL.
e. Click Close to close the Create IP Filter dialog box.
Repeat Step
Apply the RestrictMgmt IP ACL to the mgmt0 interface:
Step 9
Click Security, select IP ACL and then click the Interfaces tab in the IP ACL dialog box.
a.
Click Create.
b.
You see the Create IP-ACL Interfaces dialog box.
Select mgmt0 from the Interfaces drop-down menu.
c.
Select the inbound Profile Director.
d.
e. Select RestrictMgmt from the ProfileName drop-down menu.
f. Click Create to apply the RestrictMgmt IP-ACL to the mgmt0 interface.
Repeat Step
Cisco MDS 9000 Family CLI Configuration Guide
42-12
a through Step e create an IP filter that allows ICMP ping.
a through Step d create an IP filter that blocks all other traffic.
a through Step f apply the new IP-ACL to the mgmt0 interface.
Chapter 42 Configuring IPv4 and IPv6 Access Control Lists
OL-16184-01, Cisco MDS SAN-OS Release 3.x