Vty Mac-Sa Filter Support - Dell Force10 MXL Blade Configuration Manual

Configuration guide for the MXL 10/40GbE switch I/O module

Figure 28-17. Example Access Class Configuration Using TACACS+ Without Prompt
FTOS(conf)#ip access-list standard deny10
FTOS(conf-ext-nacl)#permit 10.0.0.0/8
FTOS(conf-ext-nacl)#deny any
FTOS(conf)#
FTOS(conf)#aaa authentication login tacacsmethod tacacs+
FTOS(conf)#tacacs-server host 256.1.1.2 key FTOS
FTOS(conf)#
FTOS(conf)#line vty 0 9
FTOS(conf-line-vty)#login authentication tacacsmethod
FTOS(conf-line-vty)#
FTOS(conf-line-vty)#access-class deny10
FTOS(conf-line-vty)#end
(The same applies for RADIUS and line authentication.)

VTY MAC-SA Filter Support

FTOS supports MAC access lists which permit or deny users based on their source MAC address. With
this approach, you can implement a security policy based on the source MAC address.
To apply a MAC ACL on a VTY line, use the same access-class command as IP ACLs (Figure 28-18).
Figure 28-18 shows how to deny incoming connections from subnet 10.0.0.0 without displaying a login prompt.
Figure 28-18. Example Access Class Configuration Using TACACS+ Without Prompt
FTOS(conf)#mac access-list standard sourcemac
FTOS(conf-std-mac)#permit 00:00:5e:00:01:01
FTOS(conf-std-mac)#deny any
FTOS(conf)#
FTOS(conf)#line vty 0 9
FTOS(conf-line-vty)#access-class sourcemac
FTOS(conf-line-vty)#end
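A configuration-review check for the access-class procedure above, as an added example that is not from the Dell manual: it parses configuration text and reports, for each VTY line, whether an access-class is applied and whether the referenced ACL is a defined IP or MAC ACL. The sample text, its layout, the audit_vty function name and the mgmt-only ACL name are constructed for illustration.

```python
import re

# Constructed sample configuration; only the two ACL names come from the figures.
SAMPLE_CONFIG = """\
ip access-list standard deny10
 permit 10.0.0.0/8
 deny any
mac access-list standard sourcemac
 permit 00:00:5e:00:01:01
 deny any
line vty 0 4
 access-class deny10
line vty 5 7
 access-class sourcemac
line vty 8
 access-class mgmt-only
line vty 9
"""

ACL_RE = re.compile(r"^(ip|mac) access-list (?:standard|extended) (\S+)")
VTY_RE = re.compile(r"^line vty (\d+)(?: (\d+))?")
CLASS_RE = re.compile(r"^access-class (\S+)")

def audit_vty(config):
    """Map each VTY number in the config text to a finding string."""
    acls, applied, current = {}, {}, []
    for raw in config.splitlines():
        line = raw.strip()
        if m := ACL_RE.match(line):
            acls[m.group(2)] = m.group(1)  # ACL name -> "ip" or "mac"
            current = []
        elif m := VTY_RE.match(line):
            lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
            current = list(range(lo, hi + 1))
            for n in current:
                applied.setdefault(n, None)
        elif line.startswith("line ") or line == "!":
            current = []  # left the VTY block
        elif (m := CLASS_RE.match(line)) and current:
            for n in current:
                applied[n] = m.group(1)
    findings = {}
    for n, name in sorted(applied.items()):
        if name is None:
            findings[n] = "no access-class"
        elif name not in acls:
            findings[n] = f"undefined ACL {name}"
        else:
            findings[n] = f"{acls[name]} ACL {name}"
    return findings
```

Calling audit_vty(SAMPLE_CONFIG) returns one entry per VTY number, so a line left without a filter stands out in review.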
