
Allied Telesis AT-S62 User Manual

Chapter 32: Management ACL Commands

Description

This command adds an access control entry to the Management ACL.
There can be up to 256 ACEs in a Management ACL.

An ACE is an implicit “permit” statement. A workstation that meets the
criteria of the ACE will be allowed to remotely manage the switch.

The IPADDRESS parameter specifies the IP address of a specific
management workstation or a subnet.

The MASK parameter indicates the parts of the IP address the switch
should filter on. A binary “1” indicates the switch should filter on the
corresponding bit of the address, while a “0” indicates that it should not.
If you are filtering on a specific IP address, use the mask 255.255.255.255.
For a subnet, you need to enter the appropriate mask. For example, to
allow all management workstations in the subnet 149.11.11.0 to manage
the switch, you would enter the mask 255.255.255.0.

The PROTOCOL parameter allows you to choose TCP, UDP, or both as the
protocol for the management packets. Because Telnet and web browser
management packets for an AT-8524M switch are exclusively TCP, you
should specify only TCP.

The INTERFACE parameter allows you to control whether the remote
management station can manage the switch using Telnet, a web
browser, or both. For example, you might create an ACE that states that
a particular remote management station can only use a web browser to
manage the switch.

Note

You must specify all the parameters when you add an entry.

Example

The following command allows the management workstation with the
IP address 169.254.134.247 to manage the switch from either a Telnet or
web browser management session:

set mgmtacl add ipaddress=169.254.134.247
mask=255.255.255.255 protocol=tcp interface=all

The following command allows the management workstation with the
IP address 169.254.134.12 to manage the switch only from a web
browser management session:

set mgmtacl add ipaddress=169.254.134.12
mask=255.255.255.255 protocol=tcp interface=web
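
The following Python sketch is an added example, not part of the manual or of the AT-S62 software. It parses "set mgmtacl add" commands and applies the mask rule described above, so a planned Management ACL can be checked offline before it is entered on the switch. It assumes that a workstation matching no ACE is refused and that the Telnet-only interface keyword is "telnet"; neither is stated on this page.

```python
import ipaddress

# Constructed sample input: the two commands from the examples above,
# each joined onto a single line.
SAMPLE = """\
set mgmtacl add ipaddress=169.254.134.247 mask=255.255.255.255 protocol=tcp interface=all
set mgmtacl add ipaddress=169.254.134.12 mask=255.255.255.255 protocol=tcp interface=web
"""

def parse_aces(text):
    """Parse 'set mgmtacl add' lines into dicts with integer address and mask."""
    aces = []
    for line in text.splitlines():
        words = line.split()
        if [w.lower() for w in words[:3]] != ["set", "mgmtacl", "add"]:
            continue
        params = dict(w.lower().split("=", 1) for w in words[3:] if "=" in w)
        # The manual requires all four parameters on every entry.
        missing = {"ipaddress", "mask", "protocol", "interface"} - params.keys()
        if missing:
            raise ValueError(f"ACE missing {sorted(missing)}: {line!r}")
        aces.append({
            "addr": int(ipaddress.IPv4Address(params["ipaddress"])),
            "mask": int(ipaddress.IPv4Address(params["mask"])),
            "protocol": params["protocol"],  # kept for review, not used in matching
            "interface": params["interface"],
        })
    return aces

def matches(ace, source_ip, interface):
    """True if the ACE permits source_ip; interface is 'web' or 'telnet' (assumed keyword)."""
    src = int(ipaddress.IPv4Address(source_ip))
    # Only the bits set to 1 in the mask are compared.
    same_bits = (src & ace["mask"]) == (ace["addr"] & ace["mask"])
    return same_bits and ace["interface"] in ("all", interface)

def is_permitted(aces, source_ip, interface):
    """Assumption: a source that matches no ACE is refused."""
    return any(matches(a, source_ip, interface) for a in aces)

def admitted_addresses(ace):
    """Number of IPv4 addresses the ACE admits: 2 ** (zero bits in the mask)."""
    return 2 ** (32 - bin(ace["mask"]).count("1"))

if __name__ == "__main__":
    aces = parse_aces(SAMPLE)
    for ip, iface in [("169.254.134.247", "telnet"), ("169.254.134.12", "telnet"),
                      ("169.254.134.12", "web"), ("169.254.134.13", "web")]:
        print(ip, iface, "permit" if is_permitted(aces, ip, iface) else "deny")
```

admitted_addresses() is useful when reviewing an ACL for overly broad entries: a mask of 255.255.255.0 admits 256 addresses, while 255.255.255.255 admits exactly one.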