Security
Management Access Method
Cisco Small Business 200 Series Smart Switch Administration Guide 253
Each rule in an access profile contains an action and criteria (one or more parameters) to match. Each rule
has a priority; rules with the lowest priority are checked first. If the incoming packet matches a rule, the
action associated with the rule is performed. If no matching rule is found within the active access profile, the
packet is dropped.
For example, you can limit access to the device from all IP addresses except IP addresses that are
allocated to the IT management center. In this way, the device can still be managed and gains another
layer of security.
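The following added example (not part of the Cisco guide or device firmware) models the evaluation order described above: rules are checked in ascending priority, the first match decides, and a packet that matches no rule is dropped. The `Rule` class, the function names, the CIDR `source` field and the sample addresses are assumptions constructed for illustration; the `shadowed` check goes beyond the text to flag rules that can never match because an earlier rule already covers them.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:                 # hypothetical model of one profile rule
    priority: int           # lower number is checked first
    method: str             # "All", "HTTP", "HTTPS" or "SNMP"
    action: str             # "Permit" or "Deny"
    interface: str          # "All" or a specific port, VLAN or LAG
    source: str             # source network in CIDR form (assumed format)

def evaluate(profile, method, interface, src_ip):
    """Return (action, matching priority); ("Drop", None) if nothing matches."""
    addr = ipaddress.ip_address(src_ip)
    for rule in sorted(profile, key=lambda r: r.priority):
        if (rule.method in ("All", method)
                and rule.interface in ("All", interface)
                and addr in ipaddress.ip_network(rule.source)):
            return rule.action, rule.priority       # first fit wins
    return "Drop", None                             # implicit drop

def shadowed(profile):
    """List (rule priority, covering priority) for rules that can never match."""
    ordered = sorted(profile, key=lambda r: r.priority)
    hits = []
    for i, later in enumerate(ordered):
        later_net = ipaddress.ip_network(later.source)
        for earlier in ordered[:i]:
            if (earlier.method in ("All", later.method)
                    and earlier.interface in ("All", later.interface)
                    and later_net.subnet_of(ipaddress.ip_network(earlier.source))):
                hits.append((later.priority, earlier.priority))
                break
    return hits

# Constructed sample profiles; 192.0.2.0/28 stands in for the IT management center.
GOOD = [Rule(1, "HTTPS", "Permit", "All", "192.0.2.0/28"),
        Rule(2, "All", "Deny", "All", "0.0.0.0/0")]
MISORDERED = [Rule(1, "All", "Deny", "All", "0.0.0.0/0"),
              Rule(2, "HTTPS", "Permit", "All", "192.0.2.0/28")]

if __name__ == "__main__":
    print(evaluate(GOOD, "HTTPS", "VLAN 10", "192.0.2.5"))
    print(evaluate(MISORDERED, "HTTPS", "VLAN 10", "192.0.2.5"))
    print(shadowed(MISORDERED))
```

Running the shadow check before activating a profile catches the misordered case, where the management center's permit rule is never reached and the administrator is locked out.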
To add profile rules to an access profile:
STEP 1 Click Security > Mgmt Access Method > Profile Rules.
STEP 2 Select the Filter field, and an access profile. Click Go.
The selected access profile appears in the Profile Rule Table.
STEP 3 Click Add to add a rule.
STEP 4 Enter the parameters.
• Access Profile Name—Select an access profile.
• Rule Priority—Enter the rule priority. When the packet is matched to a rule, user groups are either
granted or denied access to the device. The rule priority is essential to matching packets to rules, as
packets are matched on a first-fit basis.
• Management Method—Select the management method for which the rule is defined. The options
are:
- All—Assigns all management methods to the rule.
- HTTP—Assigns HTTP access to the rule. Users requesting access to the device who meet the
HTTP access profile criteria are permitted or denied.
- Secure HTTP (HTTPS)—Users requesting access to the device who meet the HTTPS access
profile criteria are permitted or denied.
- SNMP—Users requesting access to the device who meet the SNMP access profile criteria are
permitted or denied.
• Action—Select Permit to permit the users that attempt to access the device by using the configured
access method from the interface and IP source defined in this rule. Or select Deny to deny access.
• Applies to Interface—Select the interface attached to the rule. The options are:
- All—Applies to all ports, VLANs, and LAGs.
- User Defined—Applies only to the port, VLAN, or LAG selected.