Home » Dell Manuals » Hubs & Switches » Dell PowerConnect 5324 » Manual Viewer

Dell PowerConnect 5324 Command Line Interface Guide - Page 191

deny (management), Source IP address. Range: Valid IP Address

View all Dell PowerConnect 5324 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 191 highlights

• mask prefix-length-Specifies the number of bits that comprise the source IP address prefix. The prefix length must be preceded by a forward slash (/). (Range: 0 - 32) • service service-Indicates service type. Can be one of the following: telnet, ssh, http, https or snmp. Default Configuration If no permit statement is present, the default is set to deny. Command Mode Management Access-list Configuration mode User Guidelines • Rules with Ethernet, VLAN and port-channel parameters are valid only if an IP address is defined on the appropriate interface.The system supports up to 256 management access rules. Example The following example shows how all ports are permitted in the access-list called "mlist". Console (config)# management access-list mlist Console (config-macl)# permit deny (management) The deny Management Access-List Configuration mode command defines a deny rule. Syntax deny [ethernet interface-number | vlan vlan-id | port-channel number] [service service] deny ip-source ip-address [mask mask | prefix-length] [ethernet interface-number | vlan vlanid | port-channel number] [service service] • ethernet interface-number-A valid Ethernet port number. • vlan vlan-id-A valid VLAN number. • port-channel number-A valid port-channel number. • ip-address-Source IP address. (Range: Valid IP Address) • mask mask-Specifies the network mask of the source IP address. (Range: Valid subnet mask) • mask prefix-length-Specifies the number of bits that comprise the source IP address prefix. The prefix length must be preceded by a forward slash (/). (Range: 0 - 32) Management ACL 191

Section	Page
Command Groups	21
Introduction	21
Command Groups	21
AAA Commands	23
Address Table Commands	23
Clock Commands	24
Configuration and Image Files Commands	25
Ethernet Configuration Commands	26
GVRP Commands	27
IGMP Snooping Commands	28
IP Addressing	28
LACP Commands	29
Line Commands	29
LLDP Commands	30
Management ACL Commands	31
PHY Diagnostics Commands	31
Port Channel Commands	32
Port Monitor Commands	32
QoS Commands	32
Radius Commands	33
RMON Commands	34
SNMP Commands	34
Spanning Tree Commands	35
SSH Commands	37
Syslog Commands	38
System Management Commands	39
TACACS Commands	39
User Interface Commands	40
VLAN Commands	40
Web Server Commands	42
802.1x Commands	43
Command Modes	45
GC (Global Configuration) Mode	45
IC (Interface Configuration) Mode	48
LC (Line Configuration) Mode	50
MA (Management Access-level) Mode	51
PE (Privileged User EXEC) Mode	51
SP (SSH Public Key) Mode	53
UE (User EXEC) Mode	53
VC (VLAN Configuration) Mode	55
Using the CLI	57
CLI Command Modes	57
Starting the CLI	60
Editing Features	61
AAA Commands	65
aaa authentication login	65
aaa authentication enable	66
login authentication	67
enable authentication	68
ip http authentication	69
ip https authentication	70
show authentication methods	70
password	72
enable password	73
username	74
show users accounts	74
Address Table Commands	77
bridge address	77
bridge multicast filtering	78
bridge multicast address	78
bridge multicast forbidden address	80
bridge multicast forward-all	81
bridge multicast forbidden forward-all	81
bridge aging-time	82
clear bridge	83
port security	84
port security routed secure-address	85
show bridge address-table	85
show bridge address-table static	87
show bridge address-table count	88
show bridge multicast address-table	89
show bridge multicast filtering	91
show ports security	91
Clock	93
clock set	93
clock source	93
clock timezone	94
clock summer-time	95
sntp authentication-key	96
sntp authenticate	97
sntp trusted-key	98
sntp client poll timer	98
sntp broadcast client enable	99
sntp anycast client enable	100
sntp client enable (interface)	100
sntp unicast client enable	101
sntp unicast client poll	102
sntp server	102
show clock	103
show sntp configuration	105
show sntp status	106
Configuration and Image Files	109
delete startup-config	109
copy	109
boot system	112
show running-config	113
show startup-config	114
show backup-config	116
show bootvar	118
Ethernet Configuration Commands	119
interface ethernet	119
interface range ethernet	119
shutdown	120
description	121
speed	121
duplex	122
negotiation	123
flowcontrol	123
mdix	124
back-pressure	125
port jumbo-frame	126
clear counters	126
set interface active	127
show interfaces configuration	127
show interfaces status	129
show interfaces description	131
show interfaces counters	132
show ports jumbo-frame	136
port storm-control include-multicast	137
port storm-control broadcast enable	137
port storm-control broadcast rate	138
show ports storm-control	139
GVRP Commands	141
gvrp enable (global)	141
gvrp enable (interface)	141
garp timer	142
gvrp vlan-creation-forbid	143
gvrp registration-forbid	144
clear gvrp statistics	144
show gvrp configuration	145
show gvrp statistics	146
show gvrp error-statistics	147
IGMP Snooping Commands	149
ip igmp snooping (Global)	149
ip igmp snooping (Interface)	149
ip igmp snooping mrouter	150
ip igmp snooping host-time-out	150
ip igmp snooping mrouter-time-out	151
ip igmp snooping leave-time-out	152
show ip igmp snooping mrouter	153
show ip igmp snooping interface	153
show ip igmp snooping groups	154
IP Addressing Commands	157
clear host dhcp	157
ip address	157
ip address dhcp	158
ip default-gateway	159
show ip interface	160
arp	161
arp timeout	162
clear arp-cache	162
show arp	163
ip domain-lookup	164
ip domain-name	164
ip name-server	165
ip host	165
clear host	166
show hosts	167
LACP Commands	169
lacp system-priority	169
lacp port-priority	169
lacp timeout	170
show lacp ethernet	171
show lacp port-channel	171
Line Commands	173
line	173
speed	173
autobaud	174
exec-timeout	174
show line	175
terminal history	176
terminal history size	176
LLDP Commands	179
lldp enable (global)	179
Syntax	179
lldp enable (interface)	179
lldp timer	180
lldp reinit-delay	181
lldp tx-delay	182
lldp optional-tlv	183
lldp management-address	183
clear lldp rx	184
show lldp configuration	185
show lldp local	185
show lldp neighbors	186
Management ACL	189
management access-list	189
permit (management)	190
deny (management)	191
management access-class	192
show management access-list	193
show management access-class	193
PHY Diagnostics Commands	195
test copper-port tdr	195
show copper-ports tdr	195
show copper-ports cable-length	196
show fiber-ports optical-transceiver	197
Port Channel Commands	201
interface port-channel	201
interface range port-channel	201
channel-group	202
port channel load balance	203
show interfaces port-channel	203
Port Monitor Commands	205
port monitor	205
show ports monitor	206
QoS Commands	209
qos	209
show qos	209
wrr-queue cos-map	210
wrr-queue bandwidth	211
priority-queue out num-of-queues	212
show qos interface	213
qos map dscp-queue	214
qos trust (Global)	215
qos trust (Interface)	216
qos cos	216
show qos map	217
Radius Commands	219
radius-server host	219
radius-server key	220
radius-server retransmit	221
radius-server source-ip	221
radius-server timeout	222
radius-server deadtime	223
show radius-servers	223
RMON Commands	225
show rmon statistics	225
rmon collection history	227
show rmon collection history	228
show rmon history	229
rmon alarm	232
show rmon alarm-table	233
show rmon alarm	234
rmon event	236
show rmon events	237
show rmon log	238
rmon table-size	240
SNMP Commands	241
snmp-server community	241
snmp-server view	242
snmp-server filter	243
snmp-server contact	244
snmp-server location	244
snmp-server enable traps	245
snmp-server trap authentication	246
snmp-server host	246
snmp-server set	247
snmp-server group	248
snmp-server user	249
snmp-server v3-host	251
snmp-server engineID local	252
show snmp engineid	253
show snmp	254
show snmp views	255
show snmp groups	256
show snmp filters	257
show snmp users	258
Spanning-Tree Commands	261
spanning-tree	261
spanning-tree mode	261
spanning-tree forward-time	262
spanning-tree hello-time	263
spanning-tree max-age	264
spanning-tree priority	265
spanning-tree disable	265
spanning-tree cost	266
spanning-tree port-priority	267
spanning-tree portfast	267
spanning-tree link-type	268
spanning-tree mst priority	269
spanning-tree mst max-hops	269
spanning-tree mst port-priority	270
spanning-tree mst cost	271
spanning-tree mst configuration	271
instance (mst)	272
name (mst)	273
revision (mst)	273
show (mst)	274
exit (mst)	275
abort (mst)	275
spanning-tree pathcost method	276
spanning-tree bpdu	276
clear spanning-tree detected-protocols	277
show spanning-tree	278
spanning-tree mst mstp-rstp	290
Spanning-tree guard root	291
SSH Commands	293
ip ssh port	293
ip ssh server	293
crypto key generate dsa	294
crypto key generate rsa	294
ip ssh pubkey-auth	295
crypto key pubkey-chain ssh	296
user-key	296
key-string	297
show ip ssh	298
show crypto key mypubkey	299
show crypto key pubkey-chain ssh	300
Syslog Commands	303
logging on	303
logging	303
logging console	304
logging buffered	305
logging buffered size	305
clear logging	306
logging file	307
clear logging file	307
show logging	308
show logging file	309
show syslog-servers	310
System Management	313
ping	313
traceroute	314
telnet	317
resume	320
reload	321
hostname	321
show users	322
show sessions	322
show system	323
show version	324
asset-tag	325
show system id	326
TACACS Commands	327
tacacs-server host	327
tacacs-server key	328
tacacs-server timeout	328
tacacs-server source-ip	329
show tacacs	330
User Interface	331
enable	331
disable	331
login	332
configure	332
exit(configuration)	333
exit(EXEC)	334
end	334
help	335
history	335
history size	336
debug-mode	336
show history	337
show privilege	338
VLAN Commands	339
vlan database	339
vlan	339
default-vlan disable	340
interface vlan	340
interface range vlan	341
name	342
switchport access vlan	342
switchport trunk allowed vlan	343
switchport trunk native vlan	344
switchport general allowed vlan	344
switchport general pvid	345
switchport general ingress-filtering disable	346
switchport general acceptable-frame-type tagged-only	347
switchport forbidden vlan	347
map protocol protocols-group	348
switchport general map protocols-group vlan	349
ip internal-usage-vlan	349
show vlan	350
show vlan internal usage	351
show vlan protocols-groups	352
show interfaces switchport	353
switchport mode	354
switchport customer vlan	355
Web Server	357
ip http server	357
ip http port	357
ip https server	358
ip https port	358
crypto certificate generate	359
crypto certificate request	360
crypto certificate import	362
ip https certificate	363
crypto certificate export pkcs12	364
crypto certificate import pkcs12	366
show crypto certificate mycertificate	368
show ip http	369
show ip https	369
802.1x Commands	371
aaa authentication dot1x	371
dot1x system-auto-control	372
dot1x port-control	372
dot1x re-authentication	373
dot1x timeout re-authperiod	374
dot1x re-authenticate	374
dot1x timeout quiet-period	375
dot1x timeout tx-period	376
dot1x max-req	377
dot1x timeout supp-timeout	377
dot1x timeout server-timeout	378
show dot1x	379
show dot1x users	381
show dot1x statistics	382
ADVANCED FEATURES	384
dot1x auth-not-req	384
dot1x multiple-hosts	385
dot1x single-host-violation	385

Match case Limit results 1 per page

Management ACL

191

•

mask

prefix-length

—Specifies the number of bits that comprise the source IP address

prefix. The prefix length must be preceded by a forward slash (/). (Range: 0 - 32)

•

service

—Indicates service type. Can be one of the following:

telnet

ssh

http,

https

snmp

Default Configuration

If no

permit

statement is present, the default is set to

deny.

Command Mode

Management Access-list Configuration mode

User Guidelines

•

Rules with Ethernet, VLAN and port-channel parameters are valid only if an IP address is

defined on the appropriate interface.The system supports up to 256 management access

rules.

Example

The following example shows how all ports are permitted in the access-list called "mlist".

deny (management)

The

deny

Management Access-List Configuration mode command defines a deny rule.

Syntax

deny

[

ethernet

interface-number

vlan

vlan-id

port-channel

number

] [

service

]

deny ip-source

ip-address

[

mask

prefix-length

] [

ethernet

interface-number

vlan

vlan-

port-channel

number

] [

service

]

•

ethernet

interface-number

—A valid Ethernet port number.

•

vlan

vlan-id

—A valid VLAN number.

•

port-channel

number

—A valid port-channel number.

•

ip-address

—Source IP address. (Range: Valid IP Address)

•

mask

—Specifies the network mask of the source IP address. (Range: Valid subnet

mask)

•

mask

prefix-length

—Specifies the number of bits that comprise the source IP address

prefix. The prefix length must be preceded by a forward slash (/). (Range: 0 - 32)

Console (config)#

management access-list

mlist

Console (config-macl)#

permit