Examples – Allied Telesis AT-S63 User Manual


Chapter 38: Management Access Control List


Section IX: Management Security

Examples

Following are several examples of ACEs.

This ACE allows the management station with the IP address
149.11.11.11 to remotely manage the switch using either the Telnet
application protocol or a web browser, and to ping the device:

IP Address: 149.11.11.11
Mask: 255.255.255.255
Application Type: All

If the management ACL had only this ACE, remote management of the
switch would be restricted to just that management station.

This ACE permits remote Telnet and web browser management of the
switch from all management stations in the subnet 149.11.11.0. It also
permits the management stations to ping the switch:

IP Address: 149.11.11.0
Mask: 255.255.255.0
Application Type: All

This ACE permits remote web browser management of the switch from
the subnet 149.11.11.0. The management workstations can also ping the
device. However, since this ACE does not include Telnet management as
an application type, that form of management is not permitted:

IP Address: 149.11.11.0
Mask: 255.255.255.0
Application Type: Web, Ping

A management ACL can contain multiple ACEs. The two ACEs in the next
example allow for remote Telnet management from the subnets
149.11.11.0 and 149.22.22.0. Web browser management and pinging the
device are not permitted:

ACE #1

IP Address: 149.11.11.0
Subnet Mask: 255.255.255.0
Application Type: Telnet

ACE #2

IP Address: 149.22.22.0
Subnet Mask: 255.255.255.0
Application Type: Telnet
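
The ACEs above can be modelled offline to check what a management ACL lets through before it is activated on the switch. The following Python sketch is an added example, not code from the manual or from Allied Telesis, and its function names are hypothetical. It assumes a request is permitted only when some ACE matches both the source address and the application type, as the examples describe, and that "All" covers Telnet, web and ping.

```python
import ipaddress

# Application types named in the manual's examples; "All" expands to these
# (assumption of this sketch, not a statement about the AT-S63 firmware).
ALL_APPS = {"telnet", "web", "ping"}

def make_ace(ip, mask, apps):
    """Build an ACE from the three fields shown in the examples."""
    # strict=True rejects an address with host bits set under the mask,
    # e.g. 149.11.11.11 with 255.255.255.0 (a check added by this sketch).
    network = ipaddress.ip_network(f"{ip}/{mask}", strict=True)
    wanted = {a.strip().lower() for a in apps.split(",")}
    allowed = set(ALL_APPS) if "all" in wanted else wanted
    if allowed - ALL_APPS:
        raise ValueError(f"unknown application type in {apps!r}")
    return network, allowed

def is_permitted(acl, source_ip, app):
    """True only if some ACE matches both source address and application."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net and app.lower() in apps for net, apps in acl)

def exposure(acl, app):
    """Number of distinct source addresses allowed to use `app`."""
    nets = [net for net, apps in acl if app.lower() in apps]
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))

# The four management ACLs from the examples above.
SINGLE_HOST = [make_ace("149.11.11.11", "255.255.255.255", "All")]
SUBNET_ALL = [make_ace("149.11.11.0", "255.255.255.0", "All")]
WEB_PING = [make_ace("149.11.11.0", "255.255.255.0", "Web, Ping")]
TELNET_TWO = [make_ace("149.11.11.0", "255.255.255.0", "Telnet"),
              make_ace("149.22.22.0", "255.255.255.0", "Telnet")]

if __name__ == "__main__":
    for name, acl in [("single host", SINGLE_HOST), ("subnet, all", SUBNET_ALL),
                      ("web+ping", WEB_PING), ("telnet x2", TELNET_TWO)]:
        row = {app: exposure(acl, app) for app in sorted(ALL_APPS)}
        print(f"{name:12} {row}")
```

The exposure count includes the network and broadcast addresses of each subnet, so a 255.255.255.0 ACE counts as 256 source addresses.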