Quick Reference Guide

ManualsBrandsDell ManualsComputer equipmentPowerConnect B-TI24x

891

892

893

894

895

896

897

898

899

900

858 PowerConnect B-Series TI24X Configuration Guide

53-1002269-02

Restricting remote access to management functions

PowerConnect(config)# access-list 10 deny host 209.157.22.32 log

PowerConnect(config)# access-list 10 deny 209.157.23.0 0.0.0.255 log

PowerConnect(config)# access-list 10 deny 209.157.24.0 0.0.0.255 log

PowerConnect(config)# access-list 10 deny 209.157.25.0/24 log

PowerConnect(config)# access-list 10 permit any

PowerConnect(config)# telnet access-group 10

PowerConnect(config)# write memory

Syntax: telnet access-group <num>

The <num> parameter specifies the number of a standard ACL and must be from 1 – 99.

The commands above configure ACL 10, then apply the ACL as the access list for Telnet access.

The device allows Telnet access to all IP addresses except those listed in ACL 10.

To configure a more restrictive ACL, create permit entries and omit the permit any entry at the end

of the ACL.

Example

PowerConnect(config)# access-list 10 permit host 209.157.22.32

PowerConnect(config)# access-list 10 permit 209.157.23.0 0.0.0.255

PowerConnect(config)# access-list 10 permit 209.157.24.0 0.0.0.255

PowerConnect(config)# access-list 10 permit 209.157.25.0/24

PowerConnect(config)# telnet access-group 10

PowerConnect(config)# write memory

The ACL in this example permits Telnet access only to the IP addresses in the permit entries and

denies Telnet access from all other IP addresses.

Using an ACL to restrict SSH access

To configure an ACL that restricts SSH access to the device, enter commands such as the following.

Syntax: ssh access-group <num>

The <num> parameter specifies the number of a standard ACL and must be from 1 – 99.

These commands configure ACL 12, then apply the ACL as the access list for SSH access. The

device denies SSH access from the IP addresses listed in ACL 12 and permits SSH access from all

other IP addresses. Without the last ACL entry for permitting all packets, this ACL would deny SSH

access from all IP addresses.

NOTE

In this example, the command ssh access-group 10 could have been used to apply the ACL

configured in the example for Telnet access. You can use the same ACL multiple times.

Using ACLs to restrict SNMP access

To restrict SNMP access to the device using ACLs, enter commands such as the following.

PowerConnect(config)# access-list 12 deny host 209.157.22.98 log

PowerConnect(config)# access-list 12 deny 209.157.23.0 0.0.0.255 log

PowerConnect(config)# access-list 12 deny 209.157.24.0/24 log

PowerConnect(config)# access-list 12 permit any

PowerConnect(config)# ssh access-group 12

PowerConnect(config)# write memory