Examples – Allied Telesis AT-S63 User Manual

Chapter 37: Management Access Control List

848

Section VIII: Management Security

switch. A management ACL applied to a slave switch filters only those
management packets directed to the slave switch.

Examples

Following are several examples of ACEs.

This ACE allows the management station with the IP address
149.11.11.11 to remotely manage the switch using either the Telnet
application protocol or a web browser, and to ping the device:

IP Address:

149.11.11.11

Mask:

255.255.255.255

Application Type:

All

If the management ACL contained only the above ACE, then only that
management station would be allowed to remotely manage the switch.

This ACE allows all management stations in the subnet 149.11.11.0 to
remotely manage the switch using either the Telnet application or a web
browser, and to ping the device:

IP Address:

149.11.11.0

Mask:

255.255.255.0

Application Type:

All

This ACE allows all management stations in the subnet 149.11.11.0 to
remotely manage the switch using a web browser and to ping the device,
but prevents management with the Telnet application:

IP Address:

149.11.11.0

Mask:

255.255.255.0

Application Type:

Web, Ping

A management ACL can contain multiple ACEs. The two ACEs in this ACL
allow all management packets from the subnets 149.11.11.0 and
149.22.22.0 to manage the switch using just the Telnet application. They
cannot use a web browser and they cannot ping the device:

ACE #1

IP Address:

149.11.11.0

Subnet Mask:

255.255.255.0

Application Type:

Telnet

ACE #2

IP Address:

149.22.22.0

Subnet Mask:

255.255.255.0

Application Type:

Telnet