Opens an editor that allows you to filter management IP connectivity to the Uplogix Local Manager. Using source IP address as a parameter, the system specifically allows or denies listed IP address/subnet mask combinations.
CLI resource: system
Uplogix system: All
LMS offerings: All
config system protocols filter
[no] allow [“ip|ipv6 address/subnet mask”]
[no] deny [“ip|ipv6 address/subnet mask”]
The initial filter is allow all.
Once filtering is implemented, all managed device IP addresses must be specified in config info for each port to allow TFTP/FTP traffic to the system.
Subnet mask bits can be entered in either decimal (/27) or dotted-decimal (255.255.255.252).
Changes affect new connections to the system. Changes are applied when you exit the editor.
Improper subnet boundaries will be corrected automatically to the closest complete range.
Specifically denied addresses are filtered from those specifically allowed. The all keyword is overridden by any specific allow or deny statement. If you issue the deny all command after allowing an address, that address remains allowed. In the example below, all addresses that have not been explicitly allowed will be denied.
[admin@UplogixLM]# config system protocols filter [config system protocols filter]# allow 172.16.100.80/28 [config system protocols filter]# allow 2001:DB8:1e0:30::0/32 [config system protocols filter]# deny all [config system protocols filter]# exit [admin@UplogixLM]#
Inventory > group page > Network > Protocols > IP Filtering - specific to this inventory group
Inventory > Local Manager page > Network > Protocols > IP Filtering - specific to this system
3.4 - This command was introduced
4.3 – Added IPv6 filters