Configuring the Switch
3-110
3
CLI
– This example assigns an IP access list to port 1, and an IP access list to
port 3.
Filtering IP Addresses for Management Access
You can create a list of up to 16 IP addresses or IP address groups that are allowed
management access to the switch through the web interface, SNMP, or Telnet.
Command Usage
• The management interfaces are open to all IP addresses by default. Once you add
an entry to a filter list, access to that interface is restricted to the specified
addresses.
• If anyone tries to access a management interface on the switch from an invalid
address, the switch will reject the connection, enter an event message in the
system log, and send a trap message to the trap manager.
• IP address can be configured for SNMP, web and Telnet access respectively. Each
of these groups can include up to five different sets of addresses, either individual
addresses or address ranges.
• When entering addresses for the same group (i.e., SNMP, web or Telnet), the
switch will not accept overlapping address ranges. When entering addresses for
different groups, the switch will accept overlapping address ranges.
• You cannot delete an individual address from a specified range. You must delete
the entire range, and reenter the addresses.
• You can delete an address range just by specifying the start address, or by
specifying both the start address and end address.
Command Attributes
•
Web IP Filter
– Configures IP address(es) for the web group.
•
SNMP IP Filter
– Configures IP address(es) for the SNMP group.
•
Telnet IP Filter
– Configures IP address(es) for the Telnet group.
•
IP Filter List
– IP address which are allowed management access to this interface.
•
Start IP Address
– A single IP address, or the starting address of a range.
•
End IP Address
– The end address of a range.
•
Add/Remove Filtering Entry
– Adds/removes an IP address from the list.
Console(config)#interface ethernet 1/1
4-166
Console(config-if)#ip access-group david in
4-144
Console(config-if)#exit
Console(config)#interface ethernet 1/3
Console(config-if)#ip access-group david in
Console(config-if)#
Summary of Contents for 6128PL2
Page 2: ......
Page 8: ...viii ...
Page 26: ...Contents xviii ...
Page 30: ...Tables xxii ...
Page 52: ...Initial Configuration 2 10 2 ...
Page 308: ...Configuring the Switch 3 256 3 ...
Page 473: ...SNMP Commands 4 165 4 ...
Page 644: ...Command Line Interface 4 336 4 ...
Page 648: ...Software Specifications A 4 A ...
Page 663: ......