Linksys SRW248G4, SRW224G4, SRW2016 manual Security Tab for SRW2048 Switches - Profile Rules

WebView Switches

Security Tab for SRW2048 Switches - Profile Rules

The Profile Rules screen contains fields for defining profiles and rules for accessing the Switch. Access to management functions can be limited to user groups, which are defined by ingress interfaces and source IP address or source IP subnets.

Management access can be separately defined for each type of management access method, including Web (HTTP), Secure Web (HTTPS), Telnet, and Secure Telnet. Access to different management methods may differ between user groups. For example, User Group 1 can access the device only via an HTTPS session, while User Group 2 can access the device via both HTTPS and Telnet sessions.

Management Access Lists contain up to 256 rules that determine which users can manage the device, and by which methods. Users can also be blocked from accessing the device.

Access Profile Name. This user-defined name can contain up to 32 characters.

Priority. The rule priority. When the packet is matched to a rule, user groups are either granted access or denied access to device management. The rule order is set by defining a rule priority using this field. The rule number is essential to matching packets to rules, as packets are matched on a first-fit basis. The rule priorities can be viewed in the Profile Rules Table.

Interface. The interface type to which the rule applies. This is an optional field. This rule can be applied to a selected port, LAG, or VLAN by selecting the check box, then selecting the appropriate option button and interface.

Management Method. The management method for which the access profile is defined. Users with this access profile are denied or permitted access to the device from the selected management method (line). Assigning an access profile to an interface denies access via other interfaces. If an access profile is not assigned to any interface, the device can be accessed by all interfaces.

Source IP Address. Shown in the format X.X.X.X, this is the interface source IP address for which the rule applies. This is an optional field and indicates that the rule is valid for a subnetwork.

Prefix Length. Shown in the format /XX, this displays the number of bits that comprise the source IP address prefix, or the network mask of the source IP address.

Action - Defines whether to permit or deny management access to the defined interface.

To modify the settings on this screen, click the Edit icon, which resembles a pencil, to open the edit screen.

To delete a rule, click the Remove icon, which appears as a red X.

Chapter 5: Using the Web-based Utility for Configuration

NOTE: This section applies to the SRW2048 Switch ONLY. For all other switches, refer to the sections titled Security Tab for Other Switches.

Figure 5-42: SRW2048 Switch Security - Profile Rules

47