Security tab for srw2048 switches - profile rules – Linksys SRW2016 User Manual

47

Chapter 5: Using the Web-based Utility for Configuration
Security Tab for SRW2048 Switches - Profile Rules

WebView Switches

Security Tab for SRW2048 Switches - Profile Rules

The Profile Rules screen contains fields for defining profiles and rules for accessing the Switch. Access to
management functions can be limited to user groups, which are defined by ingress interfaces and source IP
address or source IP subnets.

Management access can be separately defined for each type of management access method, including Web
(HTTP), Secure Web (HTTPS), Telnet, and Secure Telnet. Access to different management methods may differ
between user groups. For example, User Group 1 can access the device only via an HTTPS session, while User
Group 2 can access the device via both HTTPS and Telnet sessions.

Management Access Lists contain up to 256 rules that determine which users can manage the device, and by
which methods. Users can also be blocked from accessing the device.

Access Profile Name. This user-defined name can contain up to 32 characters.

Priority. The rule priority. When the packet is matched to a rule, user groups are either granted access or denied
access to device management. The rule order is set by defining a rule priority using this field. The rule number is
essential to matching packets to rules, as packets are matched on a first-fit basis. The rule priorities can be
viewed in the Profile Rules Table.

Interface. The interface type to which the rule applies. This is an optional field. This rule can be applied to a
selected port, LAG, or VLAN by selecting the check box, then selecting the appropriate option button and
interface.

Management Method. The management method for which the access profile is defined. Users with this access
profile are denied or permitted access to the device from the selected management method (line). Assigning an
access profile to an interface denies access via other interfaces. If an access profile is not assigned to any
interface, the device can be accessed by all interfaces.

Source IP Address. Shown in the format X.X.X.X, this is the interface source IP address for which the rule
applies. This is an optional field and indicates that the rule is valid for a subnetwork.

Prefix Length. Shown in the format /XX, this displays the number of bits that comprise the source IP address
prefix, or the network mask of the source IP address.

Action - Defines whether to permit or deny management access to the defined interface.

To modify the settings on this screen, click the Edit icon, which resembles a pencil, to open the edit screen.

To delete a rule, click the Remove icon, which appears as a red X.

Figure 5-42: SRW2048 Switch Security - Profile Rules

NOTE: This section applies to the SRW2048 Switch
ONLY. For all other switches, refer to the sections titled
Security Tab for Other Switches.