Allied Telesis AT-S63 User Manual

Chapter 41: Management ACL Commands

Section IX: Management Security

An ACE is an implicit “permit” statement. A workstation that meets the
criteria of the ACE is allowed to remotely manage the switch.

The IPADDRESS parameter specifies the IP address of a specific
management station or a subnet.

The MASK parameter indicates the parts of the IP address the switch
should filter on. A binary “1” indicates the switch should filter on the
corresponding bit of the address, while a “0” indicates that it should not. If
you are filtering on a specific IP address, use the mask 255.255.255.255.
For a subnet, you need to enter the appropriate mask. For example, to
allow all management stations in the subnet 149.11.11.0 to manage the
switch, you would enter the mask 255.255.255.0.

The APPLICATION parameter allows you to control whether the remote
management station can manage the switch using Telnet, a web browser,
or both. You can also use it to control whether the workstation can ping the
device. For example, you might create an ACE that states that a particular
remote management station can only use a web browser to manage the
switch.

Note

You must specify all the parameters when creating a new entry.

Examples

The following command creates an ACE that allows the management
station with the IP address 169.254.134.247 to manage the switch from
either a Telnet or web browser management session and to ping the
device:

create mgmtacl id=1 ipaddress=169.254.134.247 mask=255.255.255.255 application=all

The following command creates an ACE that allows the management
station with the IP address 169.254.134.12 to manage the switch with a
web browser and to ping the device. However, the workstation cannot
manage the switch with the Telnet application protocol:

create mgmtacl id=12 ipaddress=169.254.134.12 mask=255.255.255.255 application=web,ping

The following command creates an ACE that allows all management
stations in the Class A subnet 169.24.144.128 to manage the switch using
the Telnet protocol application:

create mgmtacl id=17 ipaddress=169.24.144.128 mask=255.255.255.224 application=telnet
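
The bit-mask matching described for the MASK parameter, applied to the three example ACEs above, as an added Python sketch that is not part of the manual or the switch software. It assumes that a station matching no ACE is refused and that application=all covers Telnet, web and ping; the function names are illustrative.

```python
import ipaddress

# The three ACEs from the examples on this page: (id, ipaddress, mask, applications).
ACES = [
    (1, "169.254.134.247", "255.255.255.255", {"telnet", "web", "ping"}),  # application=all
    (12, "169.254.134.12", "255.255.255.255", {"web", "ping"}),
    (17, "169.24.144.128", "255.255.255.224", {"telnet"}),
]

def _u32(addr):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))

def ace_matches(ace, src, app):
    """True if src agrees with the ACE address on every bit set to 1 in the mask."""
    _id, ip, mask, apps = ace
    m = _u32(mask)
    return app in apps and (_u32(src) & m) == (_u32(ip) & m)

def permitted(src, app, aces=ACES):
    """Return the id of the first matching ACE, or None.

    Assumption (not stated on this page): a station matching no ACE is refused.
    """
    for ace in aces:
        if ace_matches(ace, src, app):
            return ace[0]
    return None

def audit(aces=ACES):
    """Per ACE id: (number of source addresses admitted, whether the configured
    address has bits set where the mask is 0, which the match ignores)."""
    report = {}
    for _id, ip, mask, _apps in aces:
        m = _u32(mask)
        admitted = 2 ** bin(~m & 0xFFFFFFFF).count("1")
        stray_bits = (_u32(ip) & ~m & 0xFFFFFFFF) != 0
        report[_id] = (admitted, stray_bits)
    return report

if __name__ == "__main__":
    # Constructed test stations, not taken from the manual.
    for src, app in [("169.254.134.12", "telnet"), ("169.24.144.150", "telnet"),
                     ("169.24.144.160", "telnet"), ("169.254.134.247", "ping")]:
        print(src, app, "->", permitted(src, app))
    print(audit())
```

The audit output makes the exposure of each entry explicit: the 255.255.255.224 mask in ACE 17 admits 32 source addresses (169.24.144.128 through 169.24.144.159), while the two 255.255.255.255 entries admit one each.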