beautypg.com

Management acl examples – Allied Telesis AT-S62 User Manual

Page 566


Chapter 30: Management Access Control List

Section VII: Management Security


enter them.

❑ The protocol is always TCP.

❑ The Management ACL does not control local management or SNMP management.

❑ Activating this feature without specifying any ACEs will prohibit you from managing the switch remotely using a Telnet application or web browser because the switch will discard all Telnet and web browser management packets.

❑ You can apply Management ACLs to both Master and Slave switches in an enhanced stack. A Management ACL on a Master switch will filter management packets intended for the Master switch as well as those intended for any Slave switches that you manage through the Master switch. A Management ACL applied to a Slave switch will filter only those management packets directed to the Slave switch.

Management ACL Examples

Here are several examples of Management ACLs and ACEs:

This ACE allows the management workstation with the IP address
149.11.11.11 to remotely manage the switch using either the Telnet
application protocol or a web browser:

IP Address: 149.11.11.11
Mask: 255.255.255.255
Protocol: TCP
Interface: All

If the Management ACL contained only the above ACE, then only the
management workstation specified in the ACE would be allowed to
remotely manage the switch.

This ACE allows all management workstations in the subnet 149.11.11.0
to remotely manage the switch using either the Telnet application
protocol or a web browser:

IP Address: 149.11.11.0
Mask: 255.255.255.0
Protocol: TCP
Interface: All
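The two ACEs above, together with the rule that an active Management ACL with no ACEs discards all Telnet and web browser management packets, modelled as an added example (not from the Allied Telesis manual). It assumes an ACE matches when the source address ANDed with the mask equals the ACE address ANDed with the mask; the interface labels "telnet" and "web" and all function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass


def _to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


@dataclass(frozen=True)
class ACE:
    ip: str
    mask: str
    protocol: str = "TCP"    # the manual states the protocol is always TCP
    interface: str = "All"   # value shown in the manual's examples

    def matches(self, src: str, interface: str) -> bool:
        # Assumed matching rule: compare only the bits selected by the mask.
        mask = _to_int(self.mask)
        same_net = (_to_int(src) & mask) == (_to_int(self.ip) & mask)
        # "All" covers every remote interface; "telnet"/"web" are
        # hypothetical labels used only by this example.
        same_if = self.interface.lower() in ("all", interface.lower())
        return same_net and same_if


def permits(acl, src: str, interface: str) -> bool:
    """True if an active Management ACL would accept the packet.

    A packet that matches no ACE is discarded, so an empty ACL
    rejects every Telnet and web browser management session.
    """
    return any(ace.matches(src, interface) for ace in acl)


def lockout_check(acl, admin_hosts, interfaces=("telnet", "web")):
    """Admin hosts that would lose all remote access under this ACL."""
    return [h for h in admin_hosts
            if not any(permits(acl, h, i) for i in interfaces)]


# The two ACEs from the manual's examples.
HOST_ONLY = [ACE("149.11.11.11", "255.255.255.255")]
SUBNET = [ACE("149.11.11.0", "255.255.255.0")]

if __name__ == "__main__":
    admins = ["149.11.11.11", "149.11.11.200", "149.11.12.5"]  # constructed
    for name, acl in (("host", HOST_ONLY), ("subnet", SUBNET), ("empty", [])):
        print(name, "locks out:", lockout_check(acl, admins))
```

Running `lockout_check` against the list of real management workstations before activating the feature shows which of them would be cut off, including the case where the ACL is still empty.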

This ACE allows all management workstations in the subnet 149.11.11.0
to remotely manage the switch using a web browser, but not the Telnet
application protocol:

IP Address: 149.11.11.0
Mask: 255.255.255.0