Foundry Switch and Router Installation and Configuration Guide
3 - 6 December 2000
BigIron(config)# telnet-client 209.157.22.39
Syntax: [no] telnet-client <ip-addr>
Restricting Web Management Access to a Specific IP Address
To allow Web management access to the Foundry device only to the host with IP address 209.157.22.26, enter
the following command:
BigIron(config)# web-client 209.157.22.26
Syntax: [no] web-client <ip-addr>
Restricting SNMP Access to a Specific IP Address
To allow SNMP access (which includes IronView) to the Foundry device only to the host with IP address
209.157.22.14, enter the following command:
BigIron(config)# snmp-client 209.157.22.14
Syntax: [no] snmp-client <ip-addr>
Restricting All Remote Management Access to a Specific IP Address
To allow Telnet, Web, and SNMP management access to the Foundry device only to the host with IP address
209.157.22.69, you can enter three separate commands (one for each access type) or you can enter the following
command:
BigIron(config)# all-client 209.157.22.69
Syntax: [no] all-client <ip-addr>
Restricting Remote Access to the Device to Specific VLAN IDs
You can restrict management access to a Foundry device to ports within a specific port-based VLAN. VLAN-
based access control applies to the following access methods:
• Telnet access
• Web management access
• SNMP access
• TFTP access
By default, access is allowed for all the methods listed above on all ports. Once you configure security for a given
access method based on VLAN ID, access to the device using that method is restricted to only the ports within the
specified VLAN.
VLAN-based access control works in conjunction with other access control methods. For example, suppose you
configure an ACL to permit Telnet access only to specific client IP addresses, and you also configure VLAN-based
access control for Telnet access. In this case, the only Telnet clients that can access the device are clients that
have one of the IP addresses permitted by the ACL and are connected to a port that is in a permitted VLAN.
Clients who have a permitted IP address but are connected to a port in a VLAN that is not permitted still cannot
access the device through Telnet.
Restricting Telnet Access to a Specific VLAN
To allow Telnet access only to clients in a specific VLAN, enter a command such as the following:
BigIron(config)# telnet server enable vlan 10
The command in this example configures the device to allow Telnet management access only to clients connected
to ports within port-based VLAN 10. Clients connected to ports that are not in VLAN 10 are denied management
access.
Syntax: [no] telnet server enable vlan <vlan-id>
To Next Page
Loading...
Need help?
General
