Commit d37b382a authored by Leigh B Stoller's avatar Leigh B Stoller
Browse files

Commit some notes I made a long time ago about creating access control

lists on the genirack control switch, to block access to the ILOs. Would
need to be localized to the rack network of course, and I vaguely
remember that some of the switches had different firmware and so the
commands had to be changed. Also note the netmasks are inverted from
what we normally think they should be. OH HP ...
parent bd8ba4bb
ip access-list extended "IlO"
100 remark "Allow Utah Flux to ILO"
100 permit ip
101 permit ip
102 permit ip
103 permit ip
104 permit ip
105 permit ip
150 remark "Allow Utah Emulab to IlO"
150 permit ip
151 permit ip
152 permit ip
153 permit ip
154 permit ip
155 permit ip
160 remark "Allow Local control node to IlO"
161 permit ip
162 permit ip
163 permit ip
164 permit ip
165 permit ip
166 permit ip
170 remark "Allow Local boss node to IlO"
171 permit ip
172 permit ip
173 permit ip
174 permit ip
175 permit ip
176 permit ip
250 remark "Deny from anywhere else to ILO"
250 deny ip
251 deny ip
252 deny ip
253 deny ip
254 deny ip
255 deny ip
500 remark "Allow all other traffic"
500 permit ip
interface 26 access-group ilo in
write memory
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment