Using Access Profiles
The subnet mask specified in the access profile command is interpreted as
a reverse mask. A reverse mask indicates the bits that are significant in
the IP address. In other words, a reverse mask specifies the part of the
address that must match the IP address to which the profile is applied.
If you configure an IP address that must match exactly in order to be
denied or permitted, use a mask of /32 (for example, 141.251.24.28/32).
If the IP address represents a subnet address that you wish to deny or
permit, then configure the mask to cover only the subnet portion (for
example, 141.251.10.0/24).
If you are using off-byte boundary subnet masking, the same logic
applies, but the configuration is trickier. For example, the address
141.251.24.128/27 represents any host from subnet 141.251.24.128.
Access Profile Rules
The following rules apply when using access profiles:
■ Only one access profile can be applied to each application.
■ The access profile can either permit or deny the entries in the profile.
■ The same access profile can be applied to more than one application.
There is an implicit aspect to access profiles. For instance, if an access
profile of mode permit is applied, then all other sources are assumed
denied, and are not permitted access to the application. On the other
hand, if an access profile of mode deny is applied, then all other
sources are assumed permitted.
Access Profile Example
The following example creates an access profile named testpro, and
denies access for the device with the IP address 192.168.10.10:
create access-profile testpro type ipaddress
config access-profile testpro mode deny
config access-profile testpro add ipaddress 192.168.10.10/32
The following command applies the access profile testpro to Telnet:
enable telnet access-profile testpro
To view the contents of an access profile, type:
show access-profile <access_profile>
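The mask matching and the implicit permit/deny rule described in this section can be checked offline before a profile is applied to a management service. The following Python sketch is an added example, not part of the original manual or of the switch software; the function names are hypothetical, and it assumes a profile is simply a mode plus an unordered list of address/mask entries.

```python
# Added illustration of the matching rules in this section.
# Not switch firmware; function names are hypothetical.
import ipaddress


def entry_matches(entry, source):
    """True if `source` agrees with `entry` on every significant bit."""
    addr_text, prefix_text = entry.split("/")
    prefix_len = int(prefix_text)
    if not 0 <= prefix_len <= 32:
        raise ValueError("bad mask length in %r" % entry)
    # The mask has a 1 for each bit that must match (the leading bits).
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    entry_bits = int(ipaddress.IPv4Address(addr_text))
    source_bits = int(ipaddress.IPv4Address(source))
    return (entry_bits & mask) == (source_bits & mask)


def is_permitted(mode, entries, source):
    """Apply the implicit rule: unlisted sources get the opposite of `mode`."""
    if mode not in ("permit", "deny"):
        raise ValueError("mode must be 'permit' or 'deny'")
    listed = any(entry_matches(e, source) for e in entries)
    return listed if mode == "permit" else not listed


def covered_range(entry):
    """First and last address an entry covers, useful for off-byte masks."""
    net = ipaddress.ip_network(entry, strict=False)
    return str(net.network_address), str(net.broadcast_address)


if __name__ == "__main__":
    # Constructed sample sources, checked against the testpro profile above.
    mode, entries = "deny", ["192.168.10.10/32"]
    for src in ("192.168.10.10", "192.168.10.11"):
        verdict = "permitted" if is_permitted(mode, entries, src) else "denied"
        print(src, verdict)
    # The /27 entry from the text covers 141.251.24.128 through .159 only.
    print(covered_range("141.251.24.128/27"))
    # In permit mode, a source just outside the /27 is implicitly denied.
    print(is_permitted("permit", ["141.251.24.128/27"], "141.251.24.160"))
```

Running the same source list through both modes before enabling a profile shows which management stations would be cut off by the implicit rule.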