Management ACL Security Overview, Parts of a Management ACE – Allied Telesis AT-S63 User Manual

Chapter 37: Management Access Control List
Section VIII: Management Security
Management ACL Security Overview
This chapter explains how to restrict remote management access to a switch by creating a management access control list (management ACL). This feature controls which management stations can remotely manage the device using the Telnet application protocol or a web browser.

The switch uses the management ACL to filter the management packets that it receives. The switch accepts and processes only those management packets that meet the criteria stated in the ACL. Management packets that do not meet the criteria are discarded.

The benefit of this feature is that you can prevent unauthorized access to the switch by controlling which workstations have remote management access. You can also control which method, Telnet or web browser, a remote manager can use.

For example, you can create a management ACL that allows the switch to accept management packets only from the management stations in one subnet or from just one or two specific management stations.

An access control list (ACL) is a list of one or more statements that define which management packets the switch accepts. Each statement, referred to as an access control entry (ACE), contains criteria that the switch uses to make that determination.

An ACE in a management ACL is an implicit “permit” statement. This means that a management packet that meets the criteria of an ACE is processed by the switch. Consequently, the ACEs that you enter into the management ACL should specify which management packets you want the switch to process. Packets that do not meet any of the ACEs in the management ACL are discarded.
Parts of a Management ACE
An ACE has the following four parts:
IP address
Subnet mask
Application
IP Address
You can specify the IP address of a specific management station or a subnet.
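
The filtering rule described in this chapter, modelled as an added Python example (not code from the manual or from Allied Telesis): each ACE is an implicit permit built from the three fields listed on this page, and a packet that matches no ACE is discarded. The class and function names, the `telnet`/`web` labels, the sample addresses and the 256-address review threshold are assumptions made for this sketch.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ACE:
    """One management ACE; every ACE is an implicit permit."""
    ip: str           # address of a management station or a subnet
    mask: str         # subnet mask in dotted-decimal form
    application: str  # "telnet" or "web" (labels assumed for this sketch)

    def network(self):
        # strict=False tolerates host bits set in the address field.
        return ipaddress.ip_network(f"{self.ip}/{self.mask}", strict=False)


def accepts(acl, src_ip, application):
    """True if any ACE permits the packet; with no match it is discarded."""
    src = ipaddress.ip_address(src_ip)
    return any(
        src in ace.network() and application == ace.application
        for ace in acl
    )


def audit(acl, max_hosts=256):
    """Review aid: return ACEs that admit more than max_hosts addresses."""
    return [ace for ace in acl if ace.network().num_addresses > max_hosts]


# Constructed sample ACL (documentation and private address ranges).
SAMPLE_ACL = [
    ACE("192.0.2.0", "255.255.255.0", "web"),          # one subnet, web only
    ACE("198.51.100.7", "255.255.255.255", "telnet"),  # one station, Telnet only
    ACE("10.0.0.0", "255.0.0.0", "telnet"),            # broad entry, flagged below
]

if __name__ == "__main__":
    # Constructed management packets: (source address, application).
    for src, app in [("192.0.2.40", "web"), ("192.0.2.40", "telnet"),
                     ("198.51.100.7", "telnet"), ("203.0.113.9", "web")]:
        verdict = "accept" if accepts(SAMPLE_ACL, src, app) else "discard"
        print(f"{src:15} {app:7} {verdict}")
    for ace in audit(SAMPLE_ACL):
        print("review:", ace.ip, ace.mask, ace.application)
```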
