Examples – Allied Telesis AT-S63 User Manual


Chapter 35: Management Access Control Lists

Section VII: Management Security

- Activating this feature without specifying any ACEs prohibits you from
  managing the switch remotely using a Telnet application or web
  browser because the switch discards all Telnet and web browser
  management packets.

- You can apply management ACLs to both master and slave switches
  in an enhanced stack. A management ACL on a master switch filters
  management packets intended for the master switch as well as those
  intended for any slave switches that you manage through the master
  switch. A management ACL applied to a slave switch filters only those
  management packets directed to the slave switch.

Examples

Following are several examples of management ACLs and ACEs:

This ACE allows the management station with the IP address
149.11.11.11 to remotely manage the switch using either the Telnet
application protocol or a web browser:

IP Address   149.11.11.11
Mask         255.255.255.255
Protocol     TCP
Interface    All

If the management ACL contained only the above ACE, then only the
management station specified in the ACE would be allowed to manage the
switch.

This ACE allows all management stations in the subnet 149.11.11.0 to
remotely manage the switch using either the Telnet application or a web
browser:

IP Address   149.11.11.0
Mask         255.255.255.0
Protocol     TCP
Interface    All

This ACE allows all management stations in the subnet 149.11.11.0 to
remotely manage the switch using a web browser, but not the Telnet
application:

IP Address   149.11.11.0
Mask         255.255.255.0
Protocol     TCP
Interface    Web
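
The three ACEs above can be checked against a list of management stations before the feature is activated, using a small model of the filter. This is an added example, not Allied Telesis code: the bitwise mask comparison, the ACE class and the permits/audit helpers are assumptions made for illustration, and the station addresses in the demo are constructed.

```python
# Added illustration: a model of management ACL evaluation, not AT-S63 firmware code.
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ACE:
    ip: str                 # "IP Address" field
    mask: str               # "Mask" field
    interface: str          # "Interface" field: "Telnet", "Web" or "All"
    protocol: str = "TCP"   # recorded as on the page; not evaluated by this model

    def matches(self, src_ip: str, service: str) -> bool:
        # Assumption: a source address matches when it equals the ACE
        # address on every bit that is set in the mask.
        mask = int(ipaddress.IPv4Address(self.mask))
        src = int(ipaddress.IPv4Address(src_ip))
        base = int(ipaddress.IPv4Address(self.ip))
        if (src & mask) != (base & mask):
            return False
        return self.interface.lower() in ("all", service.lower())


def permits(acl, src_ip, service):
    """True if any ACE allows this station and service; an empty ACL allows nothing."""
    return any(ace.matches(src_ip, service) for ace in acl)


def audit(acl, stations, services=("Telnet", "Web")):
    """Return {(station, service): allowed} so an ACL can be reviewed before activation."""
    return {(ip, svc): permits(acl, ip, svc) for ip in stations for svc in services}


# The three ACEs shown on this page, each as a one-entry ACL.
HOST_ONLY = [ACE("149.11.11.11", "255.255.255.255", "All")]
SUBNET_ALL = [ACE("149.11.11.0", "255.255.255.0", "All")]
SUBNET_WEB = [ACE("149.11.11.0", "255.255.255.0", "Web")]

if __name__ == "__main__":
    # Constructed station list: the named host, a subnet neighbour, an outside host.
    stations = ["149.11.11.11", "149.11.11.57", "149.22.22.5"]
    acls = [("empty", []), ("host", HOST_ONLY), ("subnet", SUBNET_ALL), ("web-only", SUBNET_WEB)]
    for name, acl in acls:
        for (ip, svc), ok in audit(acl, stations).items():
            print(f"{name:9} {ip:14} {svc:7} {'permit' if ok else 'discard'}")
```

Running the audit with the empty ACL shows every station discarded for both Telnet and web, which is the lockout condition described at the top of this page.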

A management ACL can contain multiple ACEs. The two ACEs in this ACL
allow all management packets from the subnets 149.11.11.0 and
149.22.22.0 to manage the switch using the Telnet application, but not a
web browser:
