Admin Guide
Table Of Contents
- Contents
- Chapter 1: Introduction
- Chapter 2: New in this document
- Chapter 3: Basic administration
- Chapter 4: System startup fundamentals
- Chapter 5: Boot parameter configuration using ACLI
- Chapter 6: Run-time process management using ACLI
- Chapter 7: Chassis operations
- Chassis operations fundamentals
- Chassis operations configuration using ACLI
- Enabling jumbo frames
- Configuring port lock
- Configuring SONMP
- Viewing the topology message status
- Associating a port to a VRF instance
- Configuring an IP address for the management port
- Configuring Ethernet ports with Autonegotiation
- Enabling channelization
- Configuring serial management port dropping
- Controlling slot power
- Enabling or disabling the USB port
- Chassis operations configuration using EDM
- Editing system information
- Editing chassis information
- Configuring system flags
- Configuring channelization
- Configuring basic port parameters
- Viewing the boot configuration
- Configuring boot flags
- Enabling Jumbo frames
- Configuring the date and time
- Associating a port to a VRF instance
- Configuring CP Limit
- Configuring an IP address for the management port
- Editing the management port parameters
- Configuring the management port IPv6 interface parameters
- Configuring management port IPv6 addresses
- Auto reactivating the port of the SLPP shutdown
- Editing serial port parameters
- Enabling port lock
- Locking a port
- Viewing power information
- Viewing power status on VSP 8400
- Viewing fan information
- Viewing topology status information
- Viewing the topology message status
- Configuring a forced message control pattern
- Chapter 8: Hardware status using EDM
- Chapter 9: Domain Name Service
- Chapter 10: Licensing
- Chapter 11: Network Time Protocol
- Chapter 12: Secure Shell
- Secure Shell fundamentals
- Secure Shell configuration using ACLI
- Downloading the software
- Enabling the SSHv2 server
- Changing the SSH server authentication mode
- Setting SSH configuration parameters
- Verifying and displaying SSH configuration information
- Connecting to a remote host using the SSH client
- Generating user key files
- Managing an SSL certificate
- Disabling SFTP without disabling SSH
- Enabling SSH rekey
- Configuring SSH rekey data-limit
- Configuring SSH rekey time-interval
- Displaying SSH rekey information
- Downgrading or upgrading from releases that support different key sizes
- Secure Shell configuration using Enterprise Device Manager
- Chapter 13: System access
- System access fundamentals
- System access configuration using ACLI
- Enabling ACLI access levels
- Changing passwords
- Configuring an access policy
- Specifying a name for an access policy
- Allowing a network access to the switch
- Configuring access policies by MAC address
- System access security enhancements
- Displaying the boot config flags status
- Enabling enhanced secure mode
- Creating accounts for different access levels
- Deleting accounts in enhanced secure mode
- Configuring a password for a specific user
- Returning the system to the factory defaults
- Configuring the password complexity rule
- Configuring the password length rule
- Configuring the change interval rule
- Configuring the reuse rule
- Configuring the maximum number of sessions
- Configuring the maximum age rule
- Configuring the pre- and post-notification rule
- System access configuration using EDM
- Chapter 14: ACLI show command reference
- Access, logon names, and passwords
- Basic switch configuration
- Current switch configuration
- CLI settings
- Ftp-access sessions
- Hardware information
- NTP server statistics
- Power summary
- Power information for power supplies
- System information
- System status (detailed)
- Telnet-access sessions
- Users logged on
- Port egress COS queue statistics
- CPU queue statistics
- Chapter 15: Port numbering and MAC address assignment reference
- Chapter 16: Supported standards, RFCs, and MIBs
- Glossary
Table 48: Variable definitions
Variable Value
mode <allow|deny> Specifies whether a designated network address is
allowed or denied access through the specified
access service. The default is allow.
network <A.B.C.D> <A.B.C.D> The IPv4 address and subnet mask, or the IPv6
address and prefix-length permitted, or denied,
access through the specified access service.
Configuring access policies by MAC address
About this task
Configure access-policies by MAC address to allow or deny local MAC addresses on the network
management port after an access policy is activated. If the source MAC does not match a
configured entry, the default action is taken. A log message is generated to record the denial of
access. For connections coming in from a different subnet, the source mac of the last hop is used in
decision making. Configure access-policies by MAC address does not perform MAC or Forwarding
Database (FDB) filtering on data ports.
Procedure
1. Enter Global Configuration mode:
enable
configure terminal
2. Add the MAC address and configure the action for the policy:
access-policy by-mac <0x00:0x00:0x00:0x00:0x00:0x00> <allow|deny>
3. Specify the action for a MAC address that does not match the policy:
access-policy by-mac action <allow|deny>
Example
Switch:1> enable
Switch:1 configure terminal
Add the MAC address:
Switch:1(config)# access-policy by-mac 00–C0–D0–86–BB-E7 allow
Variable definitions
Use the data in the following table to use the access-policy by-mac command.
System access configuration using ACLI
January 2017 Administering Avaya VSP 7200 Series and 8000 Series 195
Comments on this document? infodev@avaya.com