Restricted Management Access - Hirschmann RS20 User Manual

Protection from Unauthorized Access
6.4 Restricted Management
Access
The device allows you to differentiate the management access to the device
based on IP address ranges, and to differentiate these based on
management services (http, snmp, telnet, ssh). You thus have the option to
set finely differentiated management access rights.
If you only want the device, which is located, for example, in a production
plant, to be managed from the network of the IT department via the Web
interface, but also want the administrator to be able to access it remotely via
SSH, you can achieve this with the "Restricted management access"
function.
You can configure this function using the Web-based interface or the CLI.
The Web-based interface provides you with an easy configuration option.
Make sure you do not unintentionally block your access to the device. The
CLI access to the device via V.24 provided at all times is excluded from the
function and cannot be restricted.
In the following example, the IT network has the address range 192.168.1.0/
24 and the remote access is from a mobile phone network with the IP
address range 109.237.176.0 - 109.237.176.255.
The device is always ready for the SSH access
Access via SSH")
fingerprint of the host key on the device.
Parameter
IT network address
IT network netmask
Desired management access from the IT network
Mobile phone network address
Mobile phone network netmask
Desired management access from the mobile phone
network
Table 4: Example parameter for the restricted management access
Basic Configuration
Release 6.0 07/2010
and the SSH client application already knows the

6.4 Restricted Management Access

(see on page 233 "Preparing
Value
192.168.1.0
255.255.255.0
http, snmp
109.237.176.0
255.255.255.0
ssh
87