Create mgmtacl – Allied Telesis AT-S63 User Manual

Page 663

background image

AT-S63 Management Software Command Line Interface User’s Guide

Section VIII: Management Security

663

CREATE MGMTACL

Syntax

create mgmtacl id=

value

ipddress=

ipaddress

mask=

string

application=telnet|web|ping|all

Parameters

id

Specifies an identification number for the new access

control entry. The range is 1 to 256. Every ACE must
have a unique identification number.

ipaddress

Specifies the IP address of a subnet or a specific

management station.

mask

Specifies the mask used by the switch to filter the IP

address. A binary “1” indicates the switch should filter
on the corresponding bit of the address, while a “0”
indicates that it should not. If, with the IPADDRESS
parameter, you specify the IP address of a specific
management station, the appropriate mask is
255.255.255.255. If you are filtering on a subnet, then
the mask would depend on the address. For example,
for a Class C subnet address of 149.11.11.32, the mask
would be 255.255.255.224.

application

Specifies the permitted type of remote management.

The options are:

telnet

Permits Telnet management.

web

Permits web browser management.

ping

Permits the management workstation to ping
the switch.

all

Permits all of the above.

You can specify more than one option by separating
them with a comma (for example, “Web,Ping”).

Description

This command creates a new access control entry for the Management
ACL. The Management ACL controls who can manage the switch
remotely using a web browser or the Telnet application protocol. There
can be up to 256 ACEs in a Management ACL.