Assistance in the Protection from Unauthorized Access
UM Basic Configuration L3P, Release 7.1, 12/2011

6.4 Restricted Management Access
The device allows you to restrict management access by IP address range, and additionally by management service (http, snmp, telnet, ssh). You thus have the option to set finely differentiated management access rights.
If, for example, a device located in a production plant should only be managed via the Web interface from the IT department's network, while the administrator should still be able to reach it remotely via SSH, you can achieve this with the "Restricted management access" function.
You can configure this function using the Web-based interface or the CLI. The Web-based interface provides you with an easy configuration option.
Make sure you do not unintentionally block your own access to the device. CLI access via the V.24 (serial) interface is available at all times; it is excluded from this function and cannot be restricted.
In the following example, the IT network has the address range 192.168.1.0/24 and the remote access is from a mobile phone network with the IP address range 109.237.176.0 - 109.237.176.255.
The device is already prepared for SSH access (see on page 287 "Preparing access via SSH"), and the SSH client application already knows the fingerprint of the device's host key.
Parameter                    IT network       Mobile phone network
Network address              192.168.1.0      109.237.176.0
Netmask                      255.255.255.0    255.255.255.0
Desired management access    http, snmp       ssh

Table 4: Example parameters for the restricted management access
enable                      Switch to the privileged EXEC mode.
show network mgmt-access    Display the current configuration.
network mgmt-access add     Create an entry for the IT network. This is given the smallest free ID - in the example, 2.
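The following is an added example, not part of the manual and not the device's own code: a small Python model of the Table 4 rule set that answers which services a client address may use and, before the rules are activated, checks that the station you are configuring from keeps its own access. Entry ID 2 comes from the text; ID 3 for the second entry is an assumption.

```python
"""Model of the 'restricted management access' entries from Table 4.

Added example (not from the manual). Each entry pairs a network/netmask
with the management services allowed from it. The V.24 console is never
part of this table, matching the device behaviour described above.
"""
import ipaddress
from typing import FrozenSet, List, NamedTuple, Set, Tuple

SERVICES = {"http", "snmp", "telnet", "ssh"}

class Entry(NamedTuple):
    entry_id: int
    network: str             # as entered with 'network mgmt-access add'
    netmask: str             # dotted netmask
    services: FrozenSet[str]  # subset of SERVICES

# Constructed from Table 4. ID 2 is the one named in the text; ID 3 is assumed.
RULES: List[Entry] = [
    Entry(2, "192.168.1.0", "255.255.255.0", frozenset({"http", "snmp"})),
    Entry(3, "109.237.176.0", "255.255.255.0", frozenset({"ssh"})),
]

def allowed_services(rules: List[Entry], client_ip: str) -> Set[str]:
    """Union of services permitted for client_ip over all matching entries."""
    ip = ipaddress.ip_address(client_ip)
    allowed: Set[str] = set()
    for e in rules:
        net = ipaddress.ip_network(f"{e.network}/{e.netmask}", strict=False)
        if ip in net:
            allowed |= e.services
    return allowed

def is_allowed(rules: List[Entry], client_ip: str, service: str) -> bool:
    """True if the given service may be used from client_ip."""
    assert service in SERVICES, f"unknown management service: {service}"
    return service in allowed_services(rules, client_ip)

def lockout_check(rules: List[Entry], admin_ip: str, admin_service: str) -> Tuple[bool, str]:
    """Run before activating the rules: does the administrator's own
    station keep the service it is currently using?"""
    if is_allowed(rules, admin_ip, admin_service):
        return True, f"{admin_ip} keeps {admin_service} access"
    return False, (f"{admin_ip} would lose {admin_service} access; "
                   "only the V.24 console would remain")

if __name__ == "__main__":
    print(lockout_check(RULES, "192.168.1.10", "http"))
    print(lockout_check(RULES, "192.168.1.10", "telnet"))
```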