Configuring Security
Configuring Management Access Methods
Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x 196
16
- User Defined—Applies to the selected interface. You need to select a
port or LAG from the Interface drop-down menu.
• Applies to Source IP Address—Select the type of source IP address to
which the access profile applies. The options are:
- All—Applies to all IP addresses.
- User Defined—Applies to only those types of IP addresses defined in
the fields.
• IP Version—Select either Version 4 or Version 6 to define the source IP
address.
• IP Address—Enter the source IP address.
• Mask—Select the format for the subnet mask for the source IP address, and
enter a value in one of the fields:
-
Network Mask
—Select the subnet to which the source IP address
belongs and enter the subnet mask in dotted decimal format.
-
Prefix Length
—Select the Prefix Length and enter the number of bits that
comprise the source IP address prefix.
STEP 5 Click Apply. The access profile is created, and the Running Configuration is
updated.
Configuring Profile Rules
Access profiles can contain multiple rules to determine who is permitted to
manage and access the switch, and the access methods that may be used.
Each rule in an access profile contains an action and a criteria (one or more
parameters) to match. Each rule has a priority; rules with the lowest priority are
checked first. If the incoming packet matches a rule, the action associated with the
rule is performed. If no matching rule is found within the active access profile, the
packet is dropped.
For example, you can limit access to the switch from all IP addresses except IP
addresses that are allocated to the IT management center. In this way, the switch
can still be managed and has gained another layer of security.
To Next Page
Loading...
