Cisco SG200-26P 26-port Gigabit PoE Smart Switch Maintenance Manual
Security
Management Access Profile Rules
Cisco Small Business SF200E Series Advanced Smart Switch
• Rule Priority—The rules are validated against the incoming management
  request in the ascending order of their priorities. If a rule matches, the
  specified action is performed and rules below are ignored. For example, if
  you configure Source IP 10.10.10.10 with priority 1 to Permit, and configure
  Source IP 10.10.10.10 with priority 2 to Deny, then access is permitted to this
  IP address when the profile is active, and the second rule is ignored. The
  range is 1 to 16, with 1 having the highest priority.
• Management Method—The method used to access the switch
  configuration. By default, all management methods are available to all users.
  To limit access to the web-based switch configuration utility only to
  specified users, for example, you can create a rule in which HTTP access is
  denied to all users, and then create another rule in which specific users are
  permitted. The rule that permits the specific users must have a higher Rule
  Priority than the rule that denies all users.
CAUTION:
If a profile is activated that denies access to an intranet or domain
where a current web management session is active, the session remains
active until logout or timeout. Future sessions are blocked by the profile.
Active sessions using Internet Explorer 8 are terminated immediately unless
the switch management IP address is added to the Local Intranet Sites list in
Internet Explorer. See
for instructions.
• Action—Select the action to be performed when the rule criteria are
  matched.
  - Permit—The specified interface, user, or IP address is permitted access
    to the switch that would otherwise be explicitly forbidden by a deny rule.
  - Deny—The specified interface, user, or IP address is denied access to
    the switch.
• Applies to Interface—Select All to apply this rule to all interfaces (ports and
  LAGs). Or, select User Defined and select the port or LAG that the rule
  applies to.
• Applies to User—Select All to apply this rule to all system users. Or, select
  User Defined and select a User Name that the rule applies to.
• Applies to Source IP Address—Select All to apply the rule to any source IP
  addresses. Or select User Defined and specify a source IPv4 address and
  mask that this rule applies to.
STEP 6
Click Apply and then click Close. Your changes are saved to the Running
Configuration.
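The first-match ordering described under Rule Priority can be checked offline before a profile is activated. The following is an added example, not Cisco code or switch output: it models rules with the fields listed above, evaluates a request in ascending priority order, and reports rules that can never fire because an earlier rule already covers them. The method, interface and user names are constructed, and the result for a request that matches no rule is returned as `None` because this page does not state what the switch does in that case.

```python
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    priority: int           # 1 to 16; 1 is checked first
    action: str             # "permit" or "deny"
    method: str = "all"     # management method, e.g. "http" (constructed name)
    interface: str = "all"  # port or LAG, e.g. "gi1" (constructed name)
    user: str = "all"
    source: str = "all"     # "all" or "IPv4 address/mask"

    def net(self):
        return ANY if self.source == "all" else ipaddress.ip_network(self.source, strict=False)

    def fields(self):
        return (self.method, self.interface, self.user)

def evaluate(rules, method, interface, user, src_ip):
    """First match wins: return (action, priority), or None if no rule matches."""
    request = (method, interface, user)
    for rule in sorted(rules, key=lambda r: r.priority):
        fields_ok = all(want in ("all", got) for want, got in zip(rule.fields(), request))
        if fields_ok and ipaddress.ip_address(src_ip) in rule.net():
            return rule.action, rule.priority
    return None

def shadowed(rules):
    """Priorities of rules that can never fire because an earlier rule covers them."""
    ordered = sorted(rules, key=lambda r: r.priority)
    hidden = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            covers = all(e in ("all", l) for e, l in zip(earlier.fields(), later.fields()))
            if covers and later.net().subnet_of(earlier.net()):
                hidden.append(later.priority)
                break
    return hidden

# Constructed profiles modelled on the two examples in the text.
HOST = "10.10.10.10/255.255.255.255"
PAGE_EXAMPLE = [Rule(1, "permit", source=HOST), Rule(2, "deny", source=HOST)]
HTTP_ADMIN_ONLY = [
    Rule(1, "permit", method="http", user="admin"),  # "admin" is a constructed user name
    Rule(2, "deny", method="http"),
]
```

Running `shadowed()` on a profile before applying it flags a permit rule placed below a broader deny rule, the misordering that the Management Method guidance is written to prevent.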