Chapter 28: Management Access Control List
Section VII: Management Security
Creating an ACE
To add a new ACE to the management ACL, perform the following
procedure:
1. From the home page, select Configuration.
2. From the Configuration menu, select the Mgmt. Security option.
3. Select the Mgmt. ACL tab.
The tab is shown in Figure 168 on page 419.
4. To add a new ACE, configure the following parameters in the Mgmt.
ACL tab:
MACL ID
Specifies an identification number for the access control entry. Every
ACE must have a unique number. The range is 1 to 256.
Mgmt. ACL IP Address
Specifies the IP address of a management workstation to be allowed
management access to the switch (for example, 149.11.11.11).
Alternatively, you can specify a subnet. You must enter an IP address.
If you enter an IP address of a specific management node, that node
will be permitted remote management access to the switch. If you
enter a subnet, any management node in the subnet will be permitted
remote management access to the switch.
Mgmt. ACL IP Mask
Specifies a mask that indicates the parts of the IP address the switch
should filter on. A binary “1” indicates the switch should filter on the
corresponding bit of the address, while a “0” indicates that it should
not. If you are filtering on a specific IP address, use the mask
255.255.255.255. If you are filtering on a subnet, the mask will depend
on the address. For example, to allow all management workstations in
the subnet 149.11.11.0 to manage the switch, you would enter the
mask 255.255.255.0.
Application
Specifies the application the management station can use to manage
the switch. You can select more than one by holding down the Shift
key when making the selections. The options are:
Telnet - Allows Telnet management.
Web - Allows web browser management.
Ping - Allows the management workstation to ping the switch.
All - Allows all of the above.
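
The address and mask rule above, as an added example that is not part of the manual or the AT-S63 software: a Python model of how an ACE's address, mask and application admit a management station, plus a review pass over a draft ACL before it is entered. The function names, the refusal of stations that match no ACE, and the 8-bit breadth threshold are assumptions; the sample entries are constructed from the manual's example addresses.

```python
import ipaddress
from collections import namedtuple

APPS = frozenset({"telnet", "web", "ping"})  # "all" expands to these three
Ace = namedtuple("Ace", "macl_id ip mask apps")

def u32(dotted):
    # Dotted-quad string -> 32-bit integer (ValueError if malformed).
    return int(ipaddress.IPv4Address(dotted))

def make_ace(macl_id, ip, mask, apps):
    if not 1 <= macl_id <= 256:
        raise ValueError("MACL ID must be in the range 1 to 256")
    chosen = APPS if "all" in apps else frozenset(apps)
    if not chosen or not chosen <= APPS:
        raise ValueError("Application must be Telnet, Web, Ping or All")
    u32(ip), u32(mask)  # validate both fields
    return Ace(macl_id, ip, mask, chosen)

def matches(ace, src):
    # Compare only the bit positions where the mask holds a binary 1.
    m = u32(ace.mask)
    return (u32(src) & m) == (u32(ace.ip) & m)

def is_permitted(acl, src, app):
    # Assumption: a station matching no ACE is refused (allow-list model).
    return any(app in a.apps and matches(a, src) for a in acl)

def audit(acl, max_unmasked_bits=8):
    """List (MACL ID, finding) pairs worth reviewing before the ACL is applied."""
    findings, seen = [], set()
    for a in acl:
        m = u32(a.mask)
        if a.macl_id in seen:
            findings.append((a.macl_id, "duplicate MACL ID"))
        seen.add(a.macl_id)
        if u32(a.ip) & ~m & 0xFFFFFFFF:
            findings.append((a.macl_id, "address has bits set where mask is 0"))
        unmasked = 32 - bin(m).count("1")
        if unmasked > max_unmasked_bits:  # threshold is an assumption
            findings.append((a.macl_id, f"admits {2 ** unmasked} addresses"))
    return findings

# Constructed sample: the two entries use the manual's example addresses.
SAMPLE_ACL = [
    make_ace(1, "149.11.11.11", "255.255.255.255", {"all"}),
    make_ace(2, "149.11.11.0", "255.255.255.0", {"web", "ping"}),
]
```

Running `audit` on a draft list catches entries such as a host address paired with a subnet mask, which would admit far more stations than the address suggests.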