Applying An Ip-Acl To Mgmt0 - Cisco MDS 9000 Series Configuration Manual

Configuring IPv4 and IPv6 Access Control Lists
Procedure
Step 1
switch# configure terminal
Enters configuration mode.
Step 2 switch(config)# interface mgmt0
switch(config-if)#
Configures a management interface (mgmt0).
Step 3
switch(config-if)# ipv6 traffic-filter RestrictMgmt in
Applies an IPv6-ACL called RestrictMgmt (if it does not already exist) for ingress traffic.
Step 4 switch(config-if)# no ipv6 traffic-filter RestrictMgmt in
Removes the IPv6-ACL called RestrictMgmt for ingress traffic.
Step 5
switch(config-if)# ipv6 traffic-filter SampleName2 out
Applies an IPv6-ACL called SampleName2 (if it does not already exist) for egress traffic.
Step 6 switch(config-if)# no ipv6 traffic-filter SampleName2 out
Removes the IPv6-ACL called SampleName2 for egress traffic.

Applying an IP-ACL to mgmt0

A system default ACL called mgmt0 exists on the mgmt0 interface. This ACL is not visible to the user, so
mgmt0 is a reserved ACL name that cannot be used. The mgmt0 ACL blocks most ports and only allows
access to required ports in compliance to accepted security policies.
Note If you apply an ACL to the mgmt0 interface, it automatically replaces the system default ACL on the mgmt0
interface. When you remove the user-defined ACL on the mgmt0 interface, system automatically reapplies
the mgmt0 to the system default ACL. We recommend that you configure an ACL to open only the ports that
are required and deny the ports that are not required.
Verifying Interface IP-ACL Configuration
Use the show interface command to display the IPv4-ACL configuration on an interface.
switch# show interface mgmt 0
mgmt0 is up
Internet address(es):
10.126.95.180/24
2001:420:54ff:a4::222:5dd/119
fe80::eaed:f3ff:fee5:d28f/64
Hardware is GigabitEthernet
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
Applying an IP-ACL to mgmt0
113