Dell PowerConnect B-RX Configuration Manual page 141
Bigiron rx series configuration guide v02.8.00
Hide thumbs
Also See for PowerConnect B-RX:
- Configuration manual (1436 pages) ,
- Getting started manual (32 pages) ,
- Installation manual (240 pages)
Table of Contents
Advertisement
The <num> parameter specifies the number of a standard ACL, 1 – 99.
The <name> parameter specifies the standard access list name.
The ipv6 <ipv6-access-list-name> parameter specifies the IPv6 access list.
These commands configure ACL 12, then apply the ACL as the access list for Web management
access. The device denies Web management access from the IP addresses listed in ACL 12 and
permits Web management access from all other IP addresses. Without the last ACL entry for
permitting all packets, this ACL would deny Web management access from all IP addresses.
Using ACLs to restrict SNMP access
To restrict SNMP access to the device using ACLs, enter commands such as the following.
NOTE
The syntax for using ACLs for SNMP access is different from the syntax for controlling Telnet, SSH,
and Web management access using ACLs.
BigIron RX(config)# access-list 25 deny host 209.157.22.98 log
BigIron RX(config)# access-list 25 deny 209.157.23.0 0.0.0.255 log
BigIron RX(config)# access-list 25 deny 209.157.24.0 0.0.0.255 log
BigIron RX(config)# access-list 25 permit any
BigIron RX(config)# access-list 30 deny 209.157.25.0 0.0.0.255 log
BigIron RX(config)# access-list 30 deny 209.157.26.0/24 log
BigIron RX(config)# access-list 30 permit any
BigIron RX(config)# snmp-server community public ro 25
BigIron RX(config)# snmp-server community private rw 30
BigIron RX(config)# write memory
The commands configure ACLs 25 and 30, then apply the ACLs to community strings. ACL 25 is
used to control read-only access using the "public" community string. ACL 30 is used to control
read-write access using the "private" community string.
Syntax: snmp-server community <string> ro | rw
The <string> parameter specifies the SNMP community string the user must enter to gain SNMP
access.
NOTE
The ro parameter indicates that the community string is for read-only ("get") access. The rw
parameter indicates the community string is for read-write ("set") access.
The <standard-acl-name> | <standard-acl-id> | ipv6 <ipv6-access-list-name> parameter specifies
which ACL will be used to filter incoming SNMP packets.
The <standard-acl-id> parameter specifies the number of a standard ACL, 1 – 99.
The <standard-acl-name> parameter specifies the standard access list name.
NOTE
When snmp-server community is configured, all incoming SNMP packets are validated first by their
community strings and then by their bound ACLs. Packets are permitted if no filters are configured
for an ACL.
BigIron RX Series Configuration Guide
53-1002253-01
<standard-acl-name> | <standard-acl-id>
Restricting remote access to management functions
4
65
Advertisement
Table of Contents
