Foundry Networks Switch and Router User Manual

Foundry Switch and Router Installation and Configuration Guide
3 - 4 December 2000
Using ACLs to Restrict Remote Access
You can use standard ACLs to control the following access methods to management functions on a Foundry
device:
Telnet access
Web management access
SNMP access
To configure access control for these management access methods:
1. Configure an ACL with the IP addresses you want to allow to access the device.
2. Configure a Telnet access group, web access group, and SNMP community strings. Each of these
configuration items accepts an ACL as a parameter. The ACL contains entries that identify the IP addresses
that can use the access method.
The following sections present examples of how to secure management access using ACLs. See Chapter 13,
Using Access Control Lists (ACLs), for more information on configuring ACLs.
Using an ACL to Restrict Telnet Access
To configure an ACL that restricts Telnet access to the device, enter commands such as the following:
BigIron(config)# access-list 10 deny host 209.157.22.32 log
BigIron(config)# access-list 10 deny 209.157.23.0 0.0.0.255 log
BigIron(config)# access-list 10 deny 209.157.24.0 0.0.0.255 log
BigIron(config)# access-list 10 deny 209.157.25.0/24 log
BigIron(config)# access-list 10 permit any
BigIron(config)# telnet access-group 10
BigIron(config)# write memory
Syntax: telnet access-group <num>
The <num> parameter specifies the number of a standard ACL and must be from 1 - 99.
The commands above configure ACL 10, then apply the ACL as the access list for Telnet access. The device
allows Telnet access from all IP addresses except those matched by the deny entries in ACL 10.
To configure a more restrictive ACL, create permit entries and omit the permit any entry at the end of the ACL.
For example:
BigIron(config)# access-list 10 permit host 209.157.22.32
BigIron(config)# access-list 10 permit 209.157.23.0 0.0.0.255
BigIron(config)# access-list 10 permit 209.157.24.0 0.0.0.255
BigIron(config)# access-list 10 permit 209.157.25.0/24
BigIron(config)# telnet access-group 10
BigIron(config)# write memory
The ACL in this example permits Telnet access only from the IP addresses in the permit entries and denies Telnet
access from all other IP addresses.
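The two Telnet ACLs above, run through a small first-match evaluator to compare which source addresses each one admits. This is an added example, not code from the Foundry manual: the function names and the test address 192.0.2.10 are assumptions for illustration, and it assumes entries are checked in order with the first match deciding and an implicit deny at the end.

```python
import ipaddress

def parse_entry(line):
    """Parse 'access-list <num> permit|deny <source> [log]' into (num, action, network)."""
    tok = line.split()
    tok = tok[tok.index("access-list") + 1:]      # drop the CLI prompt
    if tok[-1] == "log":
        tok = tok[:-1]
    num, action, src = int(tok[0]), tok[1], tok[2:]
    if src == ["any"]:
        net = ipaddress.ip_network("0.0.0.0/0")
    elif src[0] == "host":
        net = ipaddress.ip_network(src[1] + "/32")
    elif len(src) == 2:
        # Wildcard mask: set bits are "don't care" (inverse of a netmask).
        wild = int(ipaddress.IPv4Address(src[1]))
        if wild & (wild + 1):
            raise ValueError("non-contiguous wildcard mask: " + src[1])
        net = ipaddress.ip_network(f"{src[0]}/{32 - wild.bit_length()}", strict=False)
    else:
        net = ipaddress.ip_network(src[0], strict=False)   # a.b.c.d/len form
    return num, action, net

def load(text):
    return [parse_entry(l) for l in text.splitlines() if "access-list" in l]

def evaluate(entries, source_ip):
    """First matching entry decides; no match means the implicit deny applies."""
    ip = ipaddress.ip_address(source_ip)
    for _num, action, net in entries:
        if ip in net:
            return action
    return "deny"

# ACL 10 as a deny list ending in "permit any" (first example above).
DENY_LIST = load("""\
BigIron(config)# access-list 10 deny host 209.157.22.32 log
BigIron(config)# access-list 10 deny 209.157.23.0 0.0.0.255 log
BigIron(config)# access-list 10 deny 209.157.24.0 0.0.0.255 log
BigIron(config)# access-list 10 deny 209.157.25.0/24 log
BigIron(config)# access-list 10 permit any
""")
# ACL 10 as a permit-only list with no "permit any" (second example above).
PERMIT_LIST = load("""\
BigIron(config)# access-list 10 permit host 209.157.22.32
BigIron(config)# access-list 10 permit 209.157.23.0 0.0.0.255
BigIron(config)# access-list 10 permit 209.157.24.0 0.0.0.255
BigIron(config)# access-list 10 permit 209.157.25.0/24
""")

if __name__ == "__main__":
    # 192.0.2.10 is a constructed address that appears in neither ACL.
    for ip in ("209.157.22.32", "209.157.22.33", "209.157.23.77", "192.0.2.10"):
        print(ip, evaluate(DENY_LIST, ip), evaluate(PERMIT_LIST, ip))
```

An address that appears in neither list, such as 192.0.2.10, is admitted by the first form and refused by the second, which is why the permit-only form is the more restrictive one.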
Using an ACL to Restrict Web Management Access
To configure an ACL that restricts Web management access to the device, enter commands such as the following:
BigIron(config)# access-list 12 deny host 209.157.22.98 log
BigIron(config)# access-list 12 deny 209.157.23.0 0.0.0.255 log
BigIron(config)# access-list 12 deny 209.157.24.0/24 log
BigIron(config)# access-list 12 permit any
BigIron(config)# web access-group 12
BigIron(config)# write memory
Syntax: web access-group <num>
The <num> parameter specifies the number of a standard ACL and must be from 1 - 99.