Management access control list overview, Parts of a management ace – Allied Telesis AT-S62 User Manual
Page 564
Chapter 30: Management Access Control List
Section VII: Management Security
564
Management Access Control List Overview
The Management Access Control List (ACL) is a tool for restricting
remote management access to a switch. You can use this feature to
control which management workstations can remotely manage the
device using the Telnet application protocol or a web browser.
The Management ACL filters the remote management packets that a
switch receives. The switch accepts and processes only those
management packets that meet the criteria stated in the ACL. Those
management packets that do not meet the criteria are discarded.
The benefit of this feature is that you can prevent unauthorized
management access to the switch by controlling which workstations are
to have remote management access. You can even control which
method, Telnet or web browser, a remote manager can use. For
example, you could create a Management ACL that allows the switch to
accept management packets only from the management stations in one
particular subnet or from just one or two specific management stations.
An access control list is a list of one or more statements that define
which management packets the switch will accept. Each statement,
referred to as an access control entry (ACE), contains the criteria the
switch uses in making the determination.
An ACE in a Management ACL is an implicit “permit” statement, meaning
that a management packet that meets the criteria of an ACE is processed
by the switch. Consequently, the ACEs you enter into the Management
ACL must specify which management packets you want the switch to
process. Packets that do not meet any of the ACEs in the Management
ACL are discarded.
Parts of a
Management
ACE
An ACE in a Management ACL has the following four parts:
❑ IP address
❑ Subnet mask
❑ Protocol
❑ Interface
IP Address
You can specify the IP address of a specific management workstation or
a subnet.