Cisco SCE 2000 and SCE 1000 Software Configuration Guide
OL-7827-12
Chapter 5 Configuring the Management Interface and Security
Configuring the Available Interfaces
How to Display Statistics, Keys and Timeouts for Servers
Step 1 From the SCE# prompt, type show TACACS all and press Enter.
Note that, although most show commands are accessible to viewer level users, the 'all' option is
available only at the admin level. Use the command 'enable 10' to access the admin level.
Monitoring Users
Use this command to display the users in the local database, including passwords.
Step 1 From the SCE# prompt, type show users and press Enter.
Note that, although most show commands are accessible to viewer level users, this command is available
only at the admin level. Use the command 'enable 10' to access the admin level.
Configuring Access Control Lists (ACLs)
• Options, page 5-27
• How to Add Entries to an ACL, page 5-28
• How to Remove an ACL, page 5-28
• How to Define a Global ACL, page 5-28
The SCE platform can be configured with Access Control Lists (ACLs), which are used to permit or deny
incoming connections on any of the management interfaces. An access list is an ordered list of entries,
each consisting of an IP address and an optional wildcard “mask” defining an IP address range, and a
permit/deny field.
The order of the entries in the list is important. The action (permit or deny) of the first entry that
matches the connection is used. If no entry in the Access List matches the connection, or if the Access
List is empty, the default action is deny.
Configuration of system access is done in two stages:
1. Creating an access list. (See How to Add Entries to an ACL, page 5-28.)
2. Associating the access list with a management interface. (See How to Define a Global ACL,
page 5-28 and How to Assign an ACL to the Telnet Interface, page 5-29.)
Creating an access list is done entry by entry, from the first to the last.
When the system checks for an IP address on an access list, the system checks each line in the access
list for the IP address, starting at the first entry and moving towards the last entry. The first match that
is detected (that is, the IP address being checked is found within the IP address range defined by the
entry) determines the result, according to the permit/deny flag in the matched entry. If no matching entry
is found in the access list, access is denied.
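The first-match and default-deny behavior described above can be modeled offline to review an entry order before it is applied. The following Python sketch is an added example, not part of the Cisco guide or the SCE software; it assumes the Cisco-style wildcard convention (a 1 bit in the wildcard means "ignore this bit"), and the function names and sample addresses are constructed for illustration.

```python
import ipaddress

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def entry_matches(entry, source_ip):
    """True if source_ip lies in the range defined by the entry's address and wildcard."""
    _, address, wildcard = entry
    care = ~_to_int(wildcard) & 0xFFFFFFFF  # bits that must be equal (assumed convention)
    return (_to_int(source_ip) & care) == (_to_int(address) & care)

def evaluate(acl, source_ip):
    """Return (action, index) of the first matching entry; deny if none matches."""
    for index, entry in enumerate(acl):
        if entry_matches(entry, source_ip):
            return entry[0], index
    return "deny", None  # no match, or empty list: default action is deny

def shadowed_entries(acl):
    """Indexes of entries that can never decide a connection because an
    earlier entry already matches every address in their range."""
    shadowed = []
    for i, (_, addr, wild) in enumerate(acl):
        for _, e_addr, e_wild in acl[:i]:
            e_care = ~_to_int(e_wild) & 0xFFFFFFFF
            fixes_all_bits = (e_care & _to_int(wild)) == 0
            same_values = (_to_int(addr) & e_care) == (_to_int(e_addr) & e_care)
            if fixes_all_bits and same_values:
                shadowed.append(i)
                break
    return shadowed

# Constructed sample lists (documentation address ranges). A wildcard of
# 0.0.0.0 stands for an entry given without a mask, i.e. a single host.
ACL_SPECIFIC_FIRST = [
    ("deny",   "192.0.2.50", "0.0.0.0"),
    ("permit", "192.0.2.0",  "0.0.0.255"),
]
ACL_BROAD_FIRST = list(reversed(ACL_SPECIFIC_FIRST))  # same entries, other order

if __name__ == "__main__":
    for name, acl in (("specific first", ACL_SPECIFIC_FIRST),
                      ("broad first", ACL_BROAD_FIRST)):
        for ip in ("192.0.2.50", "192.0.2.10", "198.51.100.7"):
            print(name, ip, evaluate(acl, ip))
        print(name, "shadowed entries:", shadowed_entries(acl))
```

With the broad permit entry first, the host-specific deny entry is reported as shadowed: it is still in the list but can never take effect.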