Chapter 39: Management ACL Commands
556
If you are filtering on a specific IP address, use the mask 255.255.255.255.
For a subnet, the mask will depend on the subnet. For example, to allow
all management workstations in the subnet 149.11.11.0 to manage the
switch, you would enter the mask 255.255.255.0.
The PROTOCOL parameter has only the one setting TCP. This is because
Telnet and web browser management packets for an AT-8500 Series
switch are exclusively TCP.
The INTERFACE parameter allows you control whether the remote
management station can manage the switch using Telnet, a web
browser, or both. For example, you might create an ACE that states that
a particular remote management station can only use a web browser to
manage the switch.
Note
You must specify all the parameters to add an entry.
Example
The following command allows the management workstation with the
IP address 169.254.134.247 to manage the switch from either a Telnet or
web browser management session:
add mgmtacl ipaddress=169.254.134.247
mask=255.255.255.255 protocol=tcp interface=all
The following command allows the management workstation with the
IP address 169.254.134.12 to manage the switch using only a web
browser:
add mgmtacl ipaddress=169.254.134.12
mask=255.255.255.255 protocol=tcp interface=web
The following command allows all management workstations in the
subnet 169.24.144.32 to manage the switch using a Telnet protocol
application:
add mgmtacl ipaddress=169.24.144.32
mask=255.255.255.224 protocol=tcp
interface=telnet