Foundry Switch and Router Installation and Configuration Guide
Using ACLs to Restrict Remote Access
You can use standard ACLs to control the following access methods to management functions on a Foundry
device:
• Telnet access
• Web management access
• SNMP access
To configure access control for these management access methods:
1. Configure an ACL with the IP addresses you want to allow to access the device.
2. Configure a Telnet access group, web access group, and SNMP community strings. Each of these
configuration items accepts an ACL as a parameter. The ACL contains entries that identify the IP addresses
that can use the access method.
The following sections present examples of how to secure management access using ACLs. See Chapter 13,
"Using Access Control Lists (ACLs)", for more information on configuring ACLs.
Using an ACL to Restrict Telnet Access
To configure an ACL that restricts Telnet access to the device, enter commands such as the following:
BigIron(config)# access-list 10 deny host 209.157.22.32 log
BigIron(config)# access-list 10 deny 209.157.23.0 0.0.0.255 log
BigIron(config)# access-list 10 deny 209.157.24.0 0.0.0.255 log
BigIron(config)# access-list 10 deny 209.157.25.0/24 log
BigIron(config)# access-list 10 permit any
BigIron(config)# telnet access-group 10
BigIron(config)# write memory
Syntax: telnet access-group <num>
The <num> parameter specifies the number of a standard ACL and must be from 1 – 99.
The commands above configure ACL 10, then apply the ACL as the access list for Telnet access. The device
allows Telnet access to all IP addresses except those listed in ACL 10.
To configure a more restrictive ACL, create permit entries and omit the permit any entry at the end of the ACL.
For example:
BigIron(config)# access-list 10 permit host 209.157.22.32
BigIron(config)# access-list 10 permit 209.157.23.0 0.0.0.255
BigIron(config)# access-list 10 permit 209.157.24.0 0.0.0.255
BigIron(config)# access-list 10 permit 209.157.25.0/24
BigIron(config)# telnet access-group 10
BigIron(config)# write memory
The ACL in this example permits Telnet access only to the IP addresses in the permit entries and denies Telnet
access from all other IP addresses.
Using an ACL to Restrict Web Management Access
To configure an ACL that restricts Web management access to the device, enter commands such as the following:
BigIron(config)# access-list 12 deny host 209.157.22.98 log
BigIron(config)# access-list 12 deny 209.157.23.0 0.0.0.255 log
BigIron(config)# access-list 12 deny 209.157.24.0/24 log
BigIron(config)# access-list 12 permit any
BigIron(config)# web access-group 12
BigIron(config)# write memory
Syntax: web access-group <num>
The <num> parameter specifies the number of a standard ACL and must be from 1 – 99.
December 2000