Setting allowable source ip address ranges, Setting allowable source ip address ranges 100 – Nortel Networks WEB OS 212777 User Manual
Page 100
Web OS 10.0 Application Guide
100
n
Chapter 5: Secure Switch Management
212777-A, February 2002
Setting Allowable Source IP Address
Ranges
The allowable management IP address range is configured using the system
mnet
and
mmask
options available on the Command Line Interface (CLI) System Menu (
/cfg/sys
).
N
OTE
–
The
mnet
and
mmask
commands in the
/cfg/slb/adv
menu are used for a differ-
ent purpose.
When an IP packet reaches the Management Processor, the source IP address is checked
against the range of addresses defined by mnet and mmask. If the source IP address of the host
or hosts are within this range, they are allowed to attempt to log in. Any packet addressed to a
switch IP interface with a source IP address outside this range is discarded silently.
Example:
Assume that the
mnet
is set to 192.192.192.0 and the
mmask
is set to
255.255.255.128. This defines the following range of allowed IP addresses: 192.192.192.1 to
192.192.192.127.
n
A host with a source IP address of 192.192.192.21 falls within the defined range and
would be allowed to access the switch Management Processor.
n
A host with a source IP address of 192.192.192.192 falls outside the defined range and is
not granted access. To make this source IP address valid, you would need to shift the host
to an IP address within the valid range specified by the
mnet
and
mmask
or modify the
mnet
to be 192.192.192.128 and the
mmask
to be 255.255.255.128. This would put the
192.192.192.192 host within the valid range allowed by the
mnet
and
mmask
(192.192.192.128-255).
N
OTE
–
When the
mnet
and
mmask
Management Processor filter is applied, Routing Inter-
face Protocol (RIP) updates received by the switch will be discarded if the source IP address of
the RIP packet(s) falls outside the specified range. You can correct this by configuring static
routes.