Creating an ace – Allied Telesis AT-S63 User Manual

Chapter 29: Management Access Control List

446

Section VII: Management Security

Creating an ACE

To add a new ACE to the management ACL, perform the following
procedure:

1. From the home page, select Configuration.

The System page is displayed with the General tab selected by
default, as shown in Figure 5 on page 38.

2. From the Configuration menu, select the Mgmt. Security option.

The Mgmt. Security page is displayed with the Mgmt. ACL tab selected
by default, as shown in Figure 183 on page 444.

Any ACEs already existing in the management ACL are listed in the
middle section of the tab.

3. To add a new ACE, configure the following parameters in the Mgmt.

ACT tab:

Mgmt. ACL IP Address
Enter the IP address of a management workstation that you want to be
able to manage the switch (for example, 149.11.11.11). Alternatively,
you can specify a subnet. You must enter an IP address. If you enter
an IP address of a specific management node, then that node will be
permitted remote management access to the switch. If you enter a
subnet, any management node in the subnet will be permitted remote
management access to the switch.

Protocol
Specify the protocol of the management packets. There is only one
selection, TCP.

Mgmt. ACL IP Mask
Enter a mask that indicates the parts of the IP address the switch
should filter on. A binary “1” indicates the switch should filter on the
corresponding bit of the address, while a “0” indicates that it should
not. If you are filtering on a specific IP address, use the mask
255.255.255.255. If you are filtering on a subnet, the mask will depend
on the address. For example, to allow all management workstations in
the subnet 149.11.11.0 to manage the switch, you would enter the
mask 255.255.255.0.

Interface
Specify the interface you want the management station to be able to
use when managing the switch. The options are:

Telnet - Allows Telnet management packets.

Web - Allows web browser management packets.