Gigabit Ethernet Switch Management Guide
C
ONFIGURING
THE
 S
WITCH
3-78
CLI – This examples assigns an IP and MAC ingress ACL to port 1, and 
an IP ingress ACL to port 2.
Filtering Management Access
You can specify the client IP addresses that are allowed management 
access to the switch through the web interface, SNMP, or Telnet.
Command Usage
• The management interfaces are open to all IP addresses by default. 
Once you add an entry to a filter list, access to that interface is 
restricted to the specified addresses.
• If anyone tries to access a management interface on the switch from an 
invalid address, the switch will reject the connection, enter an event 
message in the system log, and send a trap message to the trap 
manager.
• IP address can be configured for SNMP, web and Telnet access 
respectively. Each of these groups can include up to five different sets 
of addresses, either individual addresses or address ranges. 
• When entering addresses for the same group (i.e., SNMP, web or 
Telnet), the switch will not accept overlapping address ranges. When 
entering addresses for different groups, the switch will accept 
overlapping address ranges.
• You cannot delete an individual address from a specified range. You 
must delete the entire range, and reenter the addresses.
• You can delete an address range just by specifying the start address, or 
by specifying both the start address and end address. 
Console(config)#interface ethernet 1/1 3-168
Console(config-if)#ip access-group david in 3-129
Console(config-if)#mac access-group jerry in 3-144
Console(config-if)#exit
Console(config)#interface ethernet 1/2
Console(config-if)#ip access-group david in
Console(config-if)#










