Example – Allied Telesis AT-S63 User Manual


AT-S63 Management Software Command Line Interface User’s Guide


There can be up to 256 ACEs in a Management ACL.

An ACE is an implicit “permit” statement. A workstation that meets the
criteria of the ACE will be allowed to remotely manage the switch.

The IPADDRESS parameter specifies the IP address of a specific
management station or a subnet.

The MASK parameter indicates the parts of the IP address the switch
should filter on. A binary “1” indicates the switch should filter on the
corresponding bit of the address, while a “0” indicates that it should not. If
you are filtering on a specific IP address, use the mask 255.255.255.255.
For a subnet, you need to enter the appropriate mask. For example, to
allow all management stations in the subnet 149.11.11.0 to manage the
switch, you would enter the mask 255.255.255.0.

The PROTOCOL parameter allows you to choose TCP, UDP, or both as
the protocol for the management packets. Since Telnet and web browser
management packets for an AT-8524M switch are exclusively TCP, specify
only TCP.

The INTERFACE parameter allows you to control whether the remote
management station can manage the switch using Telnet, a web browser,
or both. For example, you might create an ACE that states that a particular
remote management station can only use a web browser to manage the
switch.

Note

You must specify all the parameters when you add an entry.
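
The bitwise MASK comparison and the INTERFACE restriction described above can be checked offline before entries are added to a switch. The following Python sketch is an added example, not part of the manual or the AT-S63 software; the function names, the "telnet" label passed to the checker, and the treatment of a station that matches no ACE as not permitted are assumptions.

```python
import ipaddress

REQUIRED = ("ipaddress", "mask", "protocol", "interface")

def parse_ace(command):
    """Parse one 'add mgmtacl' command; every parameter must be present."""
    words = command.split()
    if [w.lower() for w in words[:2]] != ["add", "mgmtacl"]:
        raise ValueError("not an 'add mgmtacl' command")
    fields = dict(w.lower().split("=", 1) for w in words[2:])
    missing = [k for k in REQUIRED if k not in fields]
    if missing:
        raise ValueError("missing parameter(s): " + ", ".join(missing))
    to_int = lambda s: int(ipaddress.IPv4Address(s))
    return {"ip": to_int(fields["ipaddress"]), "mask": to_int(fields["mask"]),
            "protocol": fields["protocol"], "interface": fields["interface"]}

def ace_matches(ace, source_ip, interface):
    """True if the ACE admits this source address on 'telnet' or 'web'."""
    src = int(ipaddress.IPv4Address(source_ip))
    # Only bits set to 1 in the mask are compared; 0 bits are ignored.
    same_bits = (src & ace["mask"]) == (ace["ip"] & ace["mask"])
    return same_bits and ace["interface"] in ("all", interface)

def is_permitted(aces, source_ip, interface):
    # Assumption: a station that matches no ACE is not permitted.
    return any(ace_matches(a, source_ip, interface) for a in aces)

def addresses_admitted(ace):
    """Source addresses one ACE admits: 2 ** (number of 0 bits in the mask)."""
    return 2 ** (32 - bin(ace["mask"]).count("1"))

COMMANDS = [
    "add mgmtacl ipaddress=169.254.134.247 mask=255.255.255.255 protocol=tcp interface=all",
    "add mgmtacl ipaddress=169.254.134.12 mask=255.255.255.255 protocol=tcp interface=web",
    # Constructed from the subnet in the MASK paragraph; not a command from the manual.
    "add mgmtacl ipaddress=149.11.11.0 mask=255.255.255.0 protocol=tcp interface=all",
]
ACL = [parse_ace(c) for c in COMMANDS]

if __name__ == "__main__":
    for cmd, ace in zip(COMMANDS, ACL):
        print(addresses_admitted(ace), "address(es):", cmd)
    print(is_permitted(ACL, "169.254.134.12", "telnet"))
```

Reviewing the per-ACE address count before applying a list makes an overly broad mask visible, since each 0 bit in the mask doubles the number of stations the entry admits.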

Example

The following command allows the management station with the IP
address 169.254.134.247 to manage the switch from either a Telnet or
web browser management session:

add mgmtacl ipaddress=169.254.134.247 mask=255.255.255.255
protocol=tcp interface=all

The following command allows the management station with the IP
address 169.254.134.12 to manage the switch only from a web browser
management session:

add mgmtacl ipaddress=169.254.134.12 mask=255.255.255.255
protocol=tcp interface=web

The following command allows all management stations in the Class A
subnet 169.24.144.128 to manage the switch using a Telnet protocol
application:
