Filter
Top Products
Chapter 37: Management Access Control List
436 Section IX: Management Security
Examples
Following are several examples of ACEs.
This ACE allows the management station with the IP address
149.11.11.11 to remotely manage the switch using either the Telnet
application protocol or a web browser, and to ping the device:
IP Address: 149.11.11.11
Mask: 255.255.255.255
Application Type: All
If the management ACL had only this ACE, remote management of the
switch would be restricted to just that management station.
This ACE permits remote Telnet and web browser management of the
switch from all management stations in the subnet 149.11.11.0. It also
permits the management stations to ping the switch:
IP Address: 149.11.11.0
Mask: 255.255.255.0
Application Type: All
This ACE permits remote web browser management of the switch from
the subnet 149.11.11.0. The management workstations can also ping the
device. However, since this ACE does not include Telnet management as
an application type, that form of management is not permitted:
IP Address: 149.11.11.0
Mask: 255.255.255.0
Application Type: Web, Ping
A management ACL can contain multiple ACEs. The two ACEs in the next
example allow for remote Telnet management from the subnets
149.11.11.0 and 149.22.22.0. Web browser management and pinging the
device are not permitted:
ACE #1
IP Address: 149.11.11.0
Subnet Mask: 255.255.255.0
Application Type: Telnet
ACE #2
IP Address: 149.22.22.0
Subnet Mask: 255.255.255.0
Application Type: Telnet