User Guide
516
Configuring Access Security
Access Security Configurations
2.2 Using the CLI
2.2.1 Configuring the Access Control Feature
Follow these steps to configure the access control:
Step 1
configure
Enter global configuration mode.
Step 2
■
Use the following command to control the users’ access by limiting the IP address:
user access-control ip-based enable
Configure the control mode as IP-based.
user access-control ip-based
{
ip-addr ip-mask } [ snmp ] [ telnet ] [ ssh ] [ http ] [ https ] [ ping ] [
all ]
Only the users within a certain IP-range can access the switch via the specified interfaces.
ip-addr
:
Specify the IP address of the user.
ip-mask
:
Specify the subnet mask of the user.
[ snmp ] [ telnet ] [ ssh ] [ http ] [ https ] [ ping ] [ all ]
: Select the interfaces where to apply the
Access Control rule. If an interface is unselected, all users can access the switch via it. By
default, all the interfaces are selected.
■
Use the following command to control the users’ access by limiting the MAC address:
user access-control mac-based enable
Configure the control mode as MAC-based.
user access-control mac-based
{
mac-addr } [ snmp ] [ telnet ] [ ssh ] [ http ] [ https ] [ ping ] [
all ]
Only the users with a certain MAC address can access the switch via the specified interfaces.
mac-addr
: Specify the MAC address of the user.
[ snmp ] [ telnet ] [ ssh ] [ http ] [ https ] [ ping ] [ all ]
: Select the interfaces where to apply the
Access Control rule. If an interface is unselected, all users can access the switch via it. By
default, all the interfaces are selected.
■
Use the following command to control the users’ access by limiting the ports connected to
the users:
user access-control port-based enable
Configure the control mode as Port-based.
user access-control port-based interface
{
fastEthernet
port-list
|
gigabitEthernet
port-list
|
ten-gigabitEthernet
port-list
} [ snmp ] [ telnet ] [ ssh ] [ http ] [ https ] [ ping ] [ all ]
Only the users who are connected to certain ports can access the switch via the specified
interfaces.
port-list
:
Specify the list of Ethernet ports, in the format of 1/0/1-4. You can appoint 5 ports at
most.
[ snmp ] [ telnet ] [ ssh ] [ http ] [ https ] [ ping ] [ all ]
: Select the interfaces where to apply the
Access Control rule. If an interface is unselected, all users can access the switch via it. By
default, all the interfaces are selected.
Downloaded from