Management acl examples – Allied Telesis AT-S62 User Manual

Chapter 36: Management Access Control List

Section VII: Management Security

710

❑ The ACEs are performed in the order in which you enter them in

the ACL. However, you can enter the ACEs in any order since all
ACEs are permit statements.

❑ The protocol is always TCP.

❑ The Management ACL does not control local, SSH, or SNMP

management.

❑ Activating this feature without specifying any ACEs prohibits you

from managing the switch remotely with a Telnet application or
web browser. The switch discards all Telnet and web browser
management packets.

❑ You can apply Management ACLs to both Master and Slave

switches in an enhanced stack. A Management ACL on a Master
switch will filter management packets intended for the Master
switch as well as those intended for any Slave switches that you
manage through the Master switch. A Management ACL applied
to a Slave switch will filter only those management packets
directed to the Slave switch.

Management

ACL Examples

Here are several examples of Management ACLs and ACEs:.

This ACE allows the management workstation with the IP address
149.11.11.11 to remotely manage the switch using either the Telnet
application protocol or a web browser:

IP Address

149.11.11.11

Mask

255.255.255.255

Protocol

TCP

Interface

All

If the Management ACL contained only the above ACE, then only that
management workstation would be allowed to remotely manage the
switch.

This ACE allows all management workstations in the subnet 149.11.11.0
to remotely manage the switch using either the Telnet application
protocol or a web browser:

IP Address

149.11.11.0

Mask

255.255.255.0

Protocol

TCP

Interface

All