Reference Guide
22 Management Networks for Dell EMC Networking
password credentials for logging in. From the management station or NMS, use the SSH or Telnet application
to connect to the managed device.
Note: Dell EMC recommends changing the admin password to a complex password during the first login..
5.3 Control access to management functions
In an in-band network, it is important to control the access to the management system (CLI). You can control
or limit the Telnet or SSH connections to switch management by applying access lists on VTY lines.
To limit access to the switch management, create IPv4 or IPv6 access lists with permit or deny filters. Enter
VTY mode using the line vty command in configuration mode and apply the access lists to the VTY line with
the {ip | ipv6} access-class access-list-name command.
5.3.1 OS9 configuration
Below is example of a standard ACL that will allow access from the 192.168.1.0 subnet. Provide a
description. Set an IP address filter and apply the ACL to VTY lines.
OS9(conf)# ip access-list standard ALLOW-NET192
OS9(config-std-nacl)# description Allow 192.168.1 IP addresses
OS9(config-std-nacl)# seq 5 permit 192.168.1.0/24
OS9(config-std-nacl)# seq 20 deny any log
OS9(config-std-nacl)# exit
OS9(conf)# line vty 0 9
OS9(config-line-vty)# access-class ALLOW-NET192 ipv4
Note: The above example uses a standard ACL. An extended ACL can be used for configurations requiring
more granular filtering.
5.3.2 OS10EE configuration
Below is example of an ACL that will allow access from the 192.168.1.0 subnet. Provide a description. Set an
IP address filter and apply the ACL to VTY lines.
OS10(config)# ip access-list ALLOW-NET192
OS10(config-ipv4-acl)# description “Allow 192.168.1 IP addresses”
OS10(config-ipv4-acl)# permit ip 192.168.1.0 255.255.255.0 any
OS10(config-ipv4-acl)# deny ip any any
OS10(config-ipv4-acl)# exit
OS10(config)# line vty
OS10(config-line-vty)# ip access-class ALLOW-NET192