Allied Telesis AT-S63 User Manual
AT-S63 Management Software Features Guide
Section IX: Management Security
433
Overview
This chapter explains how to restrict remote management access of a
switch by creating a management access control list (management ACL).
This feature controls which management stations can remotely manage
the device using the Telnet application protocol or a web browser.
switch by creating a management access control list (management ACL).
This feature controls which management stations can remotely manage
the device using the Telnet application protocol or a web browser.
The switch uses the management ACL to filter the management packets
that it receives. The switch accepts and processes only those
management packets that meet the criteria stated in the ACL. Those
management packets that do not meet the criteria are discarded.
that it receives. The switch accepts and processes only those
management packets that meet the criteria stated in the ACL. Those
management packets that do not meet the criteria are discarded.
The benefit of this feature is that you can prevent unauthorized access to
the switch by controlling which workstations are to have remote
management access. You can even control which method, Telnet or web
browser, that a remote manager can use.
the switch by controlling which workstations are to have remote
management access. You can even control which method, Telnet or web
browser, that a remote manager can use.
For example, you can create a management ACL that allows the switch to
accept management packets only from the management stations in one
subnet or from just one or two specific management stations.
accept management packets only from the management stations in one
subnet or from just one or two specific management stations.
An access control list (ACL) is a list of one or more statements that define
which management packets the switch accepts. Each statement, referred
to as an access control entry (ACE), contains criteria that the switch uses
in making the determination.
which management packets the switch accepts. Each statement, referred
to as an access control entry (ACE), contains criteria that the switch uses
in making the determination.
An ACE in a management ACL is an implicit “permit” statement. This
means that a management packet that meets the criteria of an ACE is
processed by the switch. Consequently, the ACEs that you enter into the
management ACL should specify which management packets you want
the switch to process. Packets that do not meet any of the ACEs in the
management ACL are discarded.
means that a management packet that meets the criteria of an ACE is
processed by the switch. Consequently, the ACEs that you enter into the
management ACL should specify which management packets you want
the switch to process. Packets that do not meet any of the ACEs in the
management ACL are discarded.