enable-management

Description                                                    Enable management access to the ACOS device.

Syntax                                                                  [no] enable-management service 
{
acl-v4 id |
acl-v6 id |
http |
https |
ping |
snmp |
ssh |
telnet
}

Parameter

Description

acl-v4 id

Permits or denies management access based on permit or deny rules in the ACL for IPv4 addresses.

acl-v6 id

Permits or denies management access based on permit or deny rules in the ACL for IPv6 addresses.

http

Allows HTTP access to the management GUI.

https

Allows HTTPS access to the management GUI.

ping

Allows ping replies from ACOS interfaces. This option does not affect the ACOS device’s ability to ping other devices.

snmp

Allows SNMP access to the ACOS device’s SNMP agent.

ssh

Allows SSH access to the CLI.

telnet

Allows Telnet access to the CLI.

NOTE:                                                                   The management interface supports only a single ACL.

NOTE:                                                                   IPv6 ACLs are supported for management access through Ethernet data interfaces and the management interface.

This command changes the CLI to the configuration level for the type of access you specify. At this level, you can specify the interfaces for which to enable access, using the following options:

     ethernet portnum [to portnum]

Enable access for the specified protocol on the specified Ethernet interface. Use the [to portnum] option to specify a range of Ethernet interfaces.

     management

Enable access for the specified protocol on the management interface.

     ve ve-num [to ve-num]

Enable access for the specified protocol on the specified virtual Ethernet interface. Use the [to ve-num] option to specify a range of virtual Ethernet interfaces.]

The CLI lists options only for the interface types for which the access type is disabled by default.

Default                                                                The following table lists the default settings for each management service.

Management Service

Management Interface

Data Interfaces

ACL

Enabled

Disabled

HTTP

Enabled

Disabled

HTTPS

Enabled

Disabled

Ping

Enabled

Enabled

SNMP

Enabled

Disabled

SSH

Enabled

Disabled

Telnet

Disabled

Disabled

Mode                                                                   Configuration mode

Usage                                                                  If the ACOS device is a member of an aVCS virtual chassis, use the device-context com­mand to specify the device in the chassis to which to apply this command.

IPv6 ACLs are supported for management access through Ethernet data interfaces and the management interface.

For more information, see “Access Based on Management Interface” in the Management Access and Security Guide.

Example                                                            The following command enables Telnet access to Ethernet data interface 6:

ACOS(config)#enable-management service telnet

ACOS(config-enable-management telnet)#ethernet 6

 

Example                                                            The following commands configure IPv6 traffic filtering on the management interface and display the resulting configuration:

ACOS(config)#ipv6 access-list ipv6-acl1

ACOS(config-access-list:ipv6-acl1)#permit ipv6 any any

ACOS(config-access-list:ipv6-acl1)#exit

ACOS(config)#interface management

ACOS(config-if:management)#ipv6 access-list ipv6-acl1 in

ACOS(config-if:management)#show running-config

ipv6 access-list ipv6-acl1

  permit ipv6 any any

!

interface management

  ip address 192.168.217.28 255.255.255.0

  ipv6 address 2001:192:168:217::28/64

  ipv6 access-list ipv6-acl1 in

 

Example                                                            The following commands configure an IPv6 ACL, then apply it to Ethernet data ports 5 and 6 to secure SSH access over IPv6:

ACOS(config)#ipv6 access-list ipv6-acl1

ACOS(config-access-list:ipv6-acl1)#permit ipv6 any any

ACOS(config-access-list:ipv6-acl1)#exit

ACOS(config)#enable-management service ssh

ACOS(config-enable-management ssh)#acl-v6 ipv6-acl1

ACOS(config-enable-management ssh-acl-v6)#ethernet 5 to 6

 

Table of Contents

Index

Glossary

-Search-

Back