
Management access control list overview, Parts of a management ace – Allied Telesis AT-S62 User Manual

Page 708

Chapter 36: Management Access Control List

Section VII: Management Security

Management Access Control List Overview

The Management Access Control List (ACL) is a tool for restricting
remote management access to a switch. You can use this feature to
control which management workstations can remotely manage the
device using the Telnet application protocol or a web browser.

The Management ACL filters the remote management packets that a
switch receives. The switch accepts and processes only those
management packets that meet the criteria stated in the ACL. Those
management packets that do not meet the criteria are discarded.

The benefit of this feature is that you can prevent unauthorized
management access to the switch by controlling which workstations are
to have remote management access. You can even control which
method, Telnet or web browser, a remote manager can use. For
example, you could create a Management ACL that allows the switch to
accept management packets only from the management stations in one
particular subnet or from just one or two specific management stations.

Note

This feature is not related to the access control list feature described
in Chapter 15 on page 237. They perform different functions and are
configured in different ways.

A management access control list is a list of one or more statements that
define which management packets the switch will accept. Each
statement, referred to as an access control entry (ACE), contains the
criteria the switch uses in making the determination.

An ACE in a Management ACL is an implicit “permit” statement, meaning
that a management packet that meets the criteria of an ACE is processed
by the switch. Consequently, the ACEs you enter into the Management
ACL must specify which management packets you want the switch to
process. Packets that do not meet any of the ACEs in the Management
ACL are discarded.

Parts of a Management ACE

An ACE in a Management ACL has the following four parts:

❑ IP address

❑ Subnet mask

❑ Protocol

❑ Interface
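
The following Python model is an added illustration, not code from the manual or from the switch software. It shows how a list of implicit-permit ACEs built from these four parts decides whether a management packet is processed or discarded. The protocol value "tcp" and the interface values "telnet", "web" and "all" are assumptions made for the example, and the addresses are constructed samples.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ACE:
    ip: str         # IP address part
    mask: str       # subnet mask part, dotted decimal
    protocol: str   # assumed value: "tcp"
    interface: str  # assumed values: "telnet", "web", "all"

    def matches(self, src_ip, protocol, interface):
        # Compare only the bits selected by the subnet mask.
        mask = int(ipaddress.IPv4Address(self.mask))
        want = int(ipaddress.IPv4Address(self.ip)) & mask
        got = int(ipaddress.IPv4Address(src_ip)) & mask
        return (got == want
                and protocol == self.protocol
                and self.interface in ("all", interface))


def evaluate(acl, src_ip, protocol, interface):
    """Every ACE is an implicit permit: first match means 'process'.
    A packet that meets no ACE is discarded."""
    if not acl:
        # The overview defines an ACL as one or more ACEs; an empty
        # list is outside what this model covers.
        raise ValueError("a Management ACL holds one or more ACEs")
    for ace in acl:
        if ace.matches(src_ip, protocol, interface):
            return "process"
    return "discard"


# Constructed sample ACL: one management subnet allowed on any method,
# one single workstation allowed through the web browser only.
SAMPLE_ACL = [
    ACE("192.168.10.0", "255.255.255.0", "tcp", "all"),
    ACE("10.1.1.25", "255.255.255.255", "tcp", "web"),
]


def demo():
    packets = [  # constructed (source IP, protocol, method) tuples
        ("192.168.10.44", "tcp", "telnet"),
        ("10.1.1.25", "tcp", "web"),
        ("10.1.1.25", "tcp", "telnet"),
        ("172.16.0.9", "tcp", "web"),
    ]
    return [evaluate(SAMPLE_ACL, *p) for p in packets]
```

Because there is no "deny" entry in this model, the only way to block a workstation is to leave it uncovered by every ACE, so an overly broad mask on one entry widens access for the whole list.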