Lenovo Flex SystemChassis Management Module 2 command-line interface: accesscontrol command

This command displays and configures user access policies based on IP/MAC.

User can configure to allow or deny user access based on their IP/MAC. The list associated with a policy can include maximum of 10 IPV4, 10 IPV6 and 10 MAC (30 in total) addresses. There are three policies available:

White List : Only the IP/MAC addresses in the table are allowed to access.
Black List : All IP/MAC addresses are allowed to access except those in the table, whose access is denied.
No policies: All the other policies will be removed when selected.

Following is an example of access control command:

accesscontrol -T mm[P] -black -start_d 11/01/2016 -start_h 14:45:00 -stop_d 11/01/2016 -stop_h 15:22:00 -i4 172.20.25.195 -mac 34-40-B5-DF-71-32 -i6 9000::8000 -enable

Note:

User can set a timeframe for the policy to take place by entering starting and ending date. Otherwise, the newly selected policy takes effects immediately.
The selected policy persists after system reboot, but will be erased after system downgrade when the system goes to a version lower than 1.3.0.
To comply with security requirement for this feature, do not use advance failover with “Do not swap Management Module IP addresses” option.

The command table is a multi-row, four-column table where each row describes a CMM CLI command option: column one lists command function, column two provides a detailed command description, column three shows command-option syntax, and column four lists valid command targets.

Function	What it does	Command	Target (see paths in )
No policies	Disables access control and removes all the previously created rules.	`accesscontrol -off`	Primary CMM: `mm[p]` `mm[P]` `mm[x]` where x is the primary CMM bay number.
Create white list	Creates a white list of IPs/MACs with permission to access the CMM. -i4/-i6/-mac: the IPV4/IPV6/MAC addresses to be included in the white list. -i4_d/-i6_d/-mac_d: the IPV4/IPV6/MAC addresses to be removed from the white list. Note: The list associated with a policy can include maximum of 10 IPV4, 10 IPV6 and 10 MAC (30 in total).	`accesscontrol -white -i4` ip_v4 `-i6` ip_v6 `-mac` mac_addr `-i4_d` ip_v4 `-i6_d` ip_v6 `-mac_d` mac_addr where ip_v4 is one or more IPV4 addresses. ip_v6 is one or more IPV6 addresses. Accepted format: xx:xx:xx:xx:xx:xx:xx (Short IPV6 is accepted as well. Ex: xx::xx). mac_addr is one or more MAC addresses. Accepted format: xx-xx-xx-xx-xx-xx.	Primary CMM: `mm[p]` `mm[P]` `mm[x]` where x is the primary CMM bay number.
Create black list	Creates a black list of IPs/MACs that will be denied acces sto the CMM. -i4/-i6/-mac: the IPV4/IPV6/MAC addresses to be included in the black list. -i4_d/-i6_d/-mac_d: the IPV4/IPV6/MAC addresses to be removed from the black list. Note: The list associated with a policy can include maximum of 10 IPV4, 10 IPV6 and 10 MAC (30 in total).	`accesscontrol -black -i4` ip_v4 `-i6` ip_v6 `-mac` mac_addr `-i4_d` ip_v4 `-i6_d` ip_v6 `-mac_d` mac_addr where ip_v4 is one or more IPV4 addresses. ip_v6 is one or more IPV6 addresses. Accepted format: xx:xx:xx:xx:xx:xx:xx (Short IPV6 is accepted as well. Ex: xx::xx). mac_addr is one or more MAC addresses. Accepted format: xx-xx-xx-xx-xx-xx.	Primary CMM: `mm[p]` `mm[P]` `mm[x]` where x is the primary CMM bay number.
Set starting time	Sets a policy to start at an appointed time and date.	`accesscontrol -white/black -start_h` time `-start_d` date where time is an exact time. Accepted format: hh:mm:ss. date is a date. Accepted format: mm/dd/yyyy.	Primary CMM: `mm[p]` `mm[P]` `mm[x]` where x is the primary CMM bay number.
Set ending time	Sets a policy to stop at an appointed time and date.	`accesscontrol -white/black -stop_h` time `-stop_d` date where time is an exact time. Accepted format: hh:mm:ss. date is a date. Accepted format: mm/dd/yyyy.	Primary CMM: `mm[p]` `mm[P]` `mm[x]` where x is the primary CMM bay number.
Enable a policy	Enables a policy Note: All set policies are disabled by default and will only become effective after being enabled.	`accesscontrol -black/white` `-enable`	Primary CMM: `mm[p]` `mm[P]` `mm[x]` where x is the primary CMM bay number.
Disable a policy	Disables a policy.	`accesscontrol -black/white` `-disable`	Primary CMM: `mm[p]` `mm[P]` `mm[x]` where x is the primary CMM bay number.