IBM Partner Pavilion BMD00082 Benutzerhandbuch

BMD00082, February 2009

Chapter 6: Configuring Switch Access  

„

  71

To limit access to the switch, you can set a source IP address (or range) that will be allowed to 
connect to the switch IP interface through Telnet, SSH, or the BBI. This also helps to prevent 
spoofing or attacks on the switch’s TCP/IP stack.   

When an IP packet reaches the switch, the source IP address is checked against the range of 
addresses defined by the management networks and masks (as defined in the 

/cfg/sys/access/mgmt

 menu). 

If the source IP address of the host or hosts are within the defined ranges, they are allowed to 
attempt to log in. Any packet addressed to a switch IP interface with a source IP address out-
side these ranges are discarded. 

Configuring an IP Address Range for the Management Network

Configure the management network IP address and mask in the System Access Management 
Menu.

In this example, the management network is set to 192.192.192.0 and management mask 
is set to 255.255.255.128. This defines the following range of allowed IP addresses: 
192.192.192.1 to 192.192.192.127. The following source IP addresses are granted or not 
granted access to the switch: 

„

A host with a source IP address of 192.192.192.21 falls within the defined range and 
would be allowed to access the switch. 

„

A host with a source IP address of 192.192.192.192 falls outside the defined range and is 
not granted access. To make this source IP address valid, you would need to shift the host 
to an IP address within the valid range specified, or modify the management address to be 

192.192.192.128

. This would put the 192.192.192.192 host within the valid range 

allowed by the configured management network (192.192.192.128–255). 

>> Main# 

Enter Management Network Address:

Enter Management Network Mask: