Examples – Allied Telesis AT-S63 User Manual

Page 530

Chapter 24: Access Control Lists

Section IV: Security

them.

❑ The protocol is always TCP.

❑ The management ACL does not control local management or remote SNMP management of a switch.

❑ Activating this feature without specifying any ACEs prohibits you from managing the switch remotely using a Telnet application or web browser because the switch discards all Telnet and web browser management packets.

❑ You can apply management ACLs to both master and slave switches in an enhanced stack. A management ACL on a master switch filters management packets intended for the master switch as well as those intended for any slave switches that you manage through the master switch. A management ACL applied to a slave switch filters only those management packets directed to the slave switch.

Examples

Following are several examples of management ACLs and ACEs:

This ACE allows the management station with the IP address
149.11.11.11 to remotely manage the switch using either the Telnet
application protocol or a web browser:

IP Address   149.11.11.11
Mask         255.255.255.255
Protocol     TCP
Interface    All

If the management ACL contained only the above ACE, then only the
management station specified in the ACE would be allowed to manage
the switch.

This ACE allows all management stations in the subnet 149.11.11.0 to
remotely manage the switch using either the Telnet application or a web
browser:

IP Address   149.11.11.0
Mask         255.255.255.0
Protocol     TCP
Interface    All
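The following Python is an added example, not part of the manual or of the switch software. It models how the two ACEs above are matched and lists which management stations would be locked out if a given management ACL were activated, including the empty-ACL case. The interface labels "Telnet" and "Web", the function names, and the station addresses in ADMINS are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ACE:
    ip: str
    mask: str
    interface: str = "All"  # "All" is from the manual; "Telnet"/"Web" are assumed labels
    protocol: str = "TCP"   # the manual states the protocol is always TCP

    def matches(self, src: str, service: str) -> bool:
        # Compare source and ACE address under the ACE's mask.
        mask = int(ipaddress.IPv4Address(self.mask))
        src_net = int(ipaddress.IPv4Address(src)) & mask
        ace_net = int(ipaddress.IPv4Address(self.ip)) & mask
        return src_net == ace_net and self.interface in ("All", service)


def permitted(acl, src, service):
    """An active management ACL discards any packet that no ACE matches,
    so an empty ACL permits nothing."""
    return any(ace.matches(src, service) for ace in acl)


def lockout_check(acl, admin_stations, services=("Telnet", "Web")):
    """Return the (station, service) pairs that would be discarded
    if this ACL were activated."""
    return [(s, svc) for s in admin_stations for svc in services
            if not permitted(acl, s, svc)]


# The two ACEs shown in the manual's examples above.
HOST_ACE = ACE("149.11.11.11", "255.255.255.255")
SUBNET_ACE = ACE("149.11.11.0", "255.255.255.0")

# Constructed list of management stations for the pre-activation check.
ADMINS = ["149.11.11.11", "149.11.11.57", "10.0.0.5"]

if __name__ == "__main__":
    for name, acl in [("empty", []), ("host", [HOST_ACE]), ("subnet", [SUBNET_ACE])]:
        print(name, "->", lockout_check(acl, ADMINS))
```

Running the check against the intended ACL before activating the feature shows whether the station you are managing from would be discarded.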

This ACE allows all management stations in the subnet 149.11.11.0 to
remotely manage the switch using a web browser, but not the Telnet
application:

IP Address   149.11.11.0
