Allied Telesis AT-S63 User Manual

Chapter 37: Management Access Control List
Section IX: Management Security
Examples
Following are several examples of ACEs.
This ACE allows the management station with the IP address 
149.11.11.11 to remotely manage the switch using either the Telnet 
application protocol or a web browser, and to ping the device:

IP Address: 149.11.11.11
Mask: 255.255.255.255
Application Type: All

If the management ACL had only this ACE, remote management of the 
switch would be restricted to just that management station.
This ACE permits remote Telnet and web browser management of the 
switch from all management stations in the subnet 149.11.11.0. It also 
permits the management stations to ping the switch:

IP Address: 149.11.11.0
Mask: 255.255.255.0
Application Type: All

This ACE permits remote web browser management of the switch from 
the subnet 149.11.11.0. The management workstations can also ping the 
device. However, since this ACE does not include Telnet management as 
an application type, that form of management is not permitted:

IP Address: 149.11.11.0
Mask: 255.255.255.0
Application Type: Web, Ping

A management ACL can contain multiple ACEs. The two ACEs in the next 
example allow for remote Telnet management from the subnets 
149.11.11.0 and 149.22.22.0. Web browser management and pinging the 
device are not permitted:

ACE #1
IP Address: 149.11.11.0
Subnet Mask: 255.255.255.0
Application Type: Telnet

ACE #2
IP Address: 149.22.22.0
Subnet Mask: 255.255.255.0
Application Type: Telnet
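
The following Python sketch is an added illustration, not part of the Allied Telesis manual or the switch software. It models the matching described in the examples above so that a planned management ACL can be checked before it is applied. The function names (make_ace, is_permitted, decisions) are hypothetical, and it assumes a request is permitted only when one ACE matches both the masked source address and the application type.

```python
import ipaddress

# Application types used in the examples above. Treating "All" as exactly
# these three is an assumption drawn from the first example ACE.
ALL_TYPES = {"telnet", "web", "ping"}

def make_ace(ip, mask, app_types):
    """Return an ACE as (network, set of permitted application types)."""
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    apps = {a.strip().lower() for a in app_types.split(",")}
    if "all" in apps:
        apps = set(ALL_TYPES)
    unknown = apps - ALL_TYPES
    if unknown:
        raise ValueError(f"unknown application type(s): {sorted(unknown)}")
    return net, apps

def is_permitted(acl, src_ip, app):
    """Permit only when one ACE matches both the source and the application.

    Anything that matches no ACE is denied, as in the single-ACE example.
    """
    src = ipaddress.ip_address(src_ip)
    return any(src in net and app.lower() in apps for net, apps in acl)

def decisions(acl, src_ip):
    """Map each application type to the ACL's verdict for one source."""
    return {app: is_permitted(acl, src_ip, app) for app in sorted(ALL_TYPES)}

# The ACLs from the examples above, one list per example.
SINGLE_HOST_ACL = [make_ace("149.11.11.11", "255.255.255.255", "All")]
WEB_PING_ACL = [make_ace("149.11.11.0", "255.255.255.0", "Web, Ping")]
TELNET_ACL = [
    make_ace("149.11.11.0", "255.255.255.0", "Telnet"),
    make_ace("149.22.22.0", "255.255.255.0", "Telnet"),
]

if __name__ == "__main__":
    # Constructed source addresses, chosen to fall inside and outside the ACEs.
    for name, acl, src in [
        ("single host", SINGLE_HOST_ACL, "149.11.11.12"),
        ("web + ping", WEB_PING_ACL, "149.11.11.50"),
        ("telnet x2", TELNET_ACL, "149.22.22.7"),
        ("telnet x2", TELNET_ACL, "149.33.33.1"),
    ]:
        print(f"{name:12} {src:14} {decisions(acl, src)}")
```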