Skip to main content

accesscontrol command

This command displays and configures user access policies based on IP/MAC.

User can configure to allow or deny user access based on their IP/MAC. The list associated with a policy can include maximum of 10 IPV4, 10 IPV6 and 10 MAC (30 in total) addresses. There are three policies available:

  • White List : Only the IP/MAC addresses in the table are allowed to access.

  • Black List : All IP/MAC addresses are allowed to access except those in the table, whose access is denied.

  • No policies: All the other policies will be removed when selected.

Following is an example of access control command:

accesscontrol -T mm[P] -black -start_d 11/01/2016 -start_h 14:45:00 -stop_d 11/01/2016 -stop_h 15:22:00 -i4 172.20.25.195 -mac 34-40-B5-DF-71-32 -i6 9000::8000 -enable

Note
  • User can set a timeframe for the policy to take place by entering starting and ending date. Otherwise, the newly selected policy takes effects immediately.

  • The selected policy persists after system reboot, but will be erased after system downgrade when the system goes to a version lower than 1.3.0.

  • To comply with security requirement for this feature, do not use advance failover with “Do not swap Management Module IP addresses” option.

The command table is a multi-row, four-column table where each row describes a CMM CLI command option: column one lists command function, column two provides a detailed command description, column three shows command-option syntax, and column four lists valid command targets.

FunctionWhat it doesCommandTarget (see paths in )
No policiesDisables access control and removes all the previously created rules.accesscontrol -off
Primary CMM:
  • mm[p]
  • mm[P]
  • mm[x]
  • where x is the primary CMM bay number.
Create white list

Creates a white list of IPs/MACs with permission to access the CMM.

  • -i4/-i6/-mac: the IPV4/IPV6/MAC addresses to be included in the white list.

  • -i4_d/-i6_d/-mac_d: the IPV4/IPV6/MAC addresses to be removed from the white list.

Note
The list associated with a policy can include maximum of 10 IPV4, 10 IPV6 and 10 MAC (30 in total).
accesscontrol -white -i4 ip_v4 -i6 ip_v6 -mac mac_addr -i4_d ip_v4 -i6_d ip_v6 -mac_d mac_addr

where

  • ip_v4 is one or more IPV4 addresses.

  • ip_v6 is one or more IPV6 addresses.

    Accepted format: xx:xx:xx:xx:xx:xx:xx (Short IPV6 is accepted as well. Ex: xx::xx).

  • mac_addr is one or more MAC addresses.

    Accepted format: xx-xx-xx-xx-xx-xx.

Primary CMM:
  • mm[p]
  • mm[P]
  • mm[x]
  • where x is the primary CMM bay number.
Create black list

Creates a black list of IPs/MACs that will be denied acces sto the CMM.

  • -i4/-i6/-mac: the IPV4/IPV6/MAC addresses to be included in the black list.

  • -i4_d/-i6_d/-mac_d: the IPV4/IPV6/MAC addresses to be removed from the black list.

Note
The list associated with a policy can include maximum of 10 IPV4, 10 IPV6 and 10 MAC (30 in total).
accesscontrol -black -i4 ip_v4 -i6 ip_v6 -mac mac_addr -i4_d ip_v4 -i6_d ip_v6 -mac_d mac_addr

where

  • ip_v4 is one or more IPV4 addresses.

  • ip_v6 is one or more IPV6 addresses.

    Accepted format: xx:xx:xx:xx:xx:xx:xx (Short IPV6 is accepted as well. Ex: xx::xx).

  • mac_addr is one or more MAC addresses.

    Accepted format: xx-xx-xx-xx-xx-xx.
Primary CMM:
  • mm[p]
  • mm[P]
  • mm[x]
  • where x is the primary CMM bay number.
Set starting time

Sets a policy to start at an appointed time and date.

accesscontrol -white/black -start_h time -start_d date

where

  • time is an exact time.

    Accepted format: hh:mm:ss.

  • date is a date.

    Accepted format: mm/dd/yyyy.

Primary CMM:
  • mm[p]
  • mm[P]
  • mm[x]
  • where x is the primary CMM bay number.
Set ending time

Sets a policy to stop at an appointed time and date.

accesscontrol -white/black -stop_h time -stop_d date

where

  • time is an exact time.

    Accepted format: hh:mm:ss.

  • date is a date.

    Accepted format: mm/dd/yyyy.

Primary CMM:
  • mm[p]
  • mm[P]
  • mm[x]
  • where x is the primary CMM bay number.
Enable a policy

Enables a policy

Note
All set policies are disabled by default and will only become effective after being enabled.
accesscontrol -black/white -enable
Primary CMM:
  • mm[p]
  • mm[P]
  • mm[x]
  • where x is the primary CMM bay number.
Disable a policy

Disables a policy.

accesscontrol -black/white -disable
Primary CMM:
  • mm[p]
  • mm[P]
  • mm[x]
  • where x is the primary CMM bay number.