Configuring Management Access List

The Management Access List table lets you control (allow) access to the device's management interfaces (Web, REST API, SSH, and Telnet). You can define up to 50 rules, where each rule defines a management station (client) by IP address (IPv4 or IPv6), and the management interface that the client can access. You can select a specific management interface or you can select the All option to allow access to all management interfaces.

By default (i.e., when the Management Access List table is empty), any client (IP address) can access all of the device's management interfaces. Once you configure access rules for a specific management interface, the device blocks access to that interface from all clients that are not defined in the table (it rejects them with an HTTP 403 Forbidden response).

If you want to configure management access list rules, the first rule must allow access to the current management interface from the IP address of the computer from which you are currently logged into the device. If you don't configure this rule first, after you configure an access rule for any other IP address, the device immediately blocks your access.
If you configure network firewall rules in the Firewall table (see Configuring Firewall Rules), you must configure a firewall rule that allows traffic from the IP addresses that you configured in the Management Access List table.
If you have configured management access list rules and you no longer want to restrict access to the management interfaces, you need to delete all the rules in the table. However, make sure that the last rule you delete is the one that allows access from the computer (IP address) from which you are currently logged into the device; otherwise, access from your computer will be immediately denied.

The following procedure describes how to configure the Management Access List table through the Web interface. You can also configure it through the ini file [WebAccessList] or the CLI (configure system > management-access-list).

To restrict access to a management interface:
1. Open the Management Access List table (Setup menu > Administration tab > Web & CLI folder > Management Access List).
2. Click New; a dialog box is displayed.
3. Configure a management access list rule according to the parameters described in the table below.
4. Click Apply, and then save your settings to flash memory.

Management Access List Table Parameter Descriptions

Parameter: 'Index' / [Index]
Description: Defines an index number for the new table row.
Note: Each row must be configured with a unique index.

Parameter: 'IP Address' / ip-address / [IpAddress]
Description: Defines the management station (client) as an IP address (IPv4 or IPv6) that is allowed to access the specified management interface (see the 'Type' parameter below).
Note:
  If you configure an IPv6 address, use the shortened address format without square brackets (e.g., 2010:31::2:56).
  You can configure multiple rules with the same IP address as long as you configure each with a different management interface type.

Parameter: 'Type' / type / [Type]
Description: Defines the type of the device's management interface that the client is allowed to access.
  [0] All (default)
  [1] Web
  [2] REST
  [3] SSH
  [4] Telnet
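
As an added example (not part of the original page and not vendor code), the following Python code replays a planned rule order against the behaviour described above and reports the step at which the logged-in administrator would be blocked, along with rule-format problems. The function names, the sample addresses and the matching model (an interface is restricted once any rule names it or All) are assumptions drawn from the text on this page.

```python
import ipaddress

# Type values and rule limit as given on this page.
TYPES = {0: "All", 1: "Web", 2: "REST", 3: "SSH", 4: "Telnet"}
MAX_RULES = 50


def allowed(rules, client_ip, iface):
    """Assumed model: an interface with no rule naming it (or All) stays open;
    otherwise only clients listed for it (or for All) get in."""
    client = ipaddress.ip_address(client_ip)
    relevant = [ip for ip, t in rules if t in (0, iface)]
    return not relevant or any(ipaddress.ip_address(ip) == client for ip in relevant)


def check_plan(plan, admin_ip, admin_iface):
    """plan: (index, ip, type) tuples in the order they will be applied.
    Returns a list of findings; an empty list means no problem was found."""
    findings, table, seen_idx, seen_pair = [], [], set(), set()
    if len(plan) > MAX_RULES:
        findings.append(f"{len(plan)} rules exceeds the {MAX_RULES}-rule limit")
    for step, (idx, ip, typ) in enumerate(plan, 1):
        if typ not in TYPES:
            findings.append(f"step {step}: unknown Type {typ}")
            continue
        try:
            addr = ipaddress.ip_address(ip)  # rejects bracketed IPv6
        except ValueError:
            findings.append(f"step {step}: {ip!r} is not a bare IPv4/IPv6 address")
            continue
        if addr.version == 6 and ip.lower() != addr.compressed:
            findings.append(f"step {step}: use shortened IPv6 form {addr.compressed}")
        if idx in seen_idx:
            findings.append(f"step {step}: Index {idx} is not unique")
        if (addr, typ) in seen_pair:
            findings.append(f"step {step}: duplicate rule for {ip} / {TYPES[typ]}")
        seen_idx.add(idx)
        seen_pair.add((addr, typ))
        table.append((ip, typ))
        if not allowed(table, admin_ip, admin_iface):
            findings.append(f"step {step}: admin {admin_ip} locked out of "
                            f"{TYPES[admin_iface]} after this rule")
            break  # the device blocks immediately, so later steps never happen
    return findings


# Constructed sample plans: admin is logged in from 10.0.0.5 over Web (Type 1).
BAD_ORDER = [(0, "192.0.2.10", 1), (1, "10.0.0.5", 1)]
GOOD_ORDER = [(0, "10.0.0.5", 1), (1, "192.0.2.10", 1), (2, "2010:31::2:56", 3)]
```

Calling `check_plan(BAD_ORDER, "10.0.0.5", 1)` flags step 1, because the first rule restricts Web without listing the administrator's own address.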