Access control
Access to the Cisco Nexus 3550-F Fusion (formerly ExaLINK Fusion) management interface can be controlled through access control rules, which can be used to allow or deny specific IP address ranges.
Care should be taken when specifying access control rules, otherwise it is possible to block all access. If services are used that require access to other servers, such as SNMP or TACACS+, remember to add rules to allow access to those machines.
Configuring access control
Typically rules are set to allow a certain range of addresses and block all others. Add the allow rules before the deny rules.
To grant access to connections originating from IP addresses 192.168.220.* and 192.168.7.1:
admin@N3550-F> configure management access-list allow 192.168.220.0/24
Access control rules updated
admin@N3550-F> configure management access-list allow 192.168.7.1
Access control rules updated
admin@N3550-F> show management access-list
Policy Address
------ -------------
allow 192.168.220.0/24
allow 192.168.7.1
To deny access from all other addresses:
admin@N3550-F> configure management access-list deny 0.0.0.0/0
Access control rules updated
admin@N3550-F> show management access-list
Policy Address
------ -------------
deny 0.0.0.0/0
allow 192.168.220.0/24
allow 192.168.7.1
To reset the rules:
admin@N3550-F> configure no management access-list
Access control rules reset
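A pre-flight check for the allow-then-deny procedure above, added here as an example and not part of Cisco's documentation: it confirms that every machine that must keep access (your own workstation, SNMP or TACACS+ servers) falls inside an allow rule, then emits the commands with the allow rules first. The function names and the sample host addresses are assumptions constructed for illustration.

```python
import ipaddress

DENY_ALL = "0.0.0.0/0"  # catch-all deny rule used on this page


def uncovered_hosts(allow_rules, required_hosts):
    """Return the required hosts that no allow rule covers."""
    # strict=True rejects typos such as 192.168.220.5/24 (host bits set)
    nets = [ipaddress.ip_network(rule, strict=True) for rule in allow_rules]
    return [
        host for host in required_hosts
        if not any(ipaddress.ip_address(host) in net for net in nets)
    ]


def plan_acl_commands(allow_rules, required_hosts):
    """Build the CLI commands, allow rules first and the deny rule last.

    Raises ValueError if applying the rules would lock out a required host.
    """
    missing = uncovered_hosts(allow_rules, required_hosts)
    if missing:
        raise ValueError("no allow rule covers: " + ", ".join(missing))
    prefix = "configure management access-list"
    commands = [f"{prefix} allow {rule}" for rule in allow_rules]
    commands.append(f"{prefix} deny {DENY_ALL}")
    return commands


if __name__ == "__main__":
    allow = ["192.168.220.0/24", "192.168.7.1"]  # rules from this page
    # Constructed sample hosts (assumptions): an admin workstation, a
    # TACACS+ server and an SNMP manager that must keep access.
    required = ["192.168.220.15", "192.168.7.1", "10.20.30.40"]
    try:
        for line in plan_acl_commands(allow, required):
            print(line)
    except ValueError as err:
        print("Refusing to generate commands:", err)
    # With the uncovered SNMP manager removed, the plan is produced.
    for line in plan_acl_commands(allow, required[:2]):
        print(line)
```

The check only confirms that each required address sits inside an allow rule and that the deny rule is issued last; it makes no assumption about how the device evaluates the list internally.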
Recovery
If the rules are entered in the wrong order, or are entered incorrectly, you can block your own access. To recover from this, log on through the serial port of the Nexus 3550-F and change the rule set.
This page was last updated on Mar-08-2021.