Active Access Profile

The Access Profiles page displays the access profiles that are defined and enables selecting one access profile to be the active one.

When a user attempts to access the switch through an access method, the switch looks to see if the active access profile explicitly permits management access to the switch through this method. If no match is found, access is denied.

When an attempt to access the switch is in violation of the active access profile, the switch generates a SYSLOG message to alert the system administrator of the attempt.

After an access profile has been defined, additional rules can be added or edited by using the Defining Profile Rules page.

Use the Access Profiles page to create an access profile and to add its first rule. If the access profile only contains a single rule, you are finished. To add additional rules to the profile, use the Profile Rules page.

  1. Click Security > Mgmt Access Method > Access Profiles. The Access Profiles page displays.
  2. This page displays all of the access profiles, active and inactive.

  3. To change the active access profile, select a profile from the Active Access Profile drop down menu and click Apply. This makes the chosen profile the active access profile.
  4. NOTE     Some 200 Series switches only support web access. The profile you define may be customized according to a set of settings provided in Access Profile entry, but ultimately will only provide web access; console or any other methods (SSH & Telnet) are not supported.

    A caution message displays if you selected any other access profile, warning you that, depending on the selected access profile, you might be disconnected from the web-based switch configuration utility.

  5. Click OK to select the active access profile or click Cancel to discontinue the action.
  6. Click Add to open the Add Access Profile page. The page allows you to configure a new profile and one rule.
  7. Enter the parameters.
    • Access Profile Name--Enter an access profile name. The access profile name can contain up to 32 characters.
    • Rule Priority--Enter the rule priority. When the packet is matched to a rule, user groups are either granted or denied access to the switch. The rule priority is essential to matching packets to rules, as packets are matched on a first-match basis. One is the highest priority.
    • Management Method--Select the management method for which the rule is defined. The options are:
      • All--Assigns all management methods to the rule.
      • HTTP-- Users requesting access to the switch who meet the HTTP access profile criteria, are permitted or denied.
      • Secure HTTP (HTTPS)--Users requesting access to the switch who meet the HTTPS access profile criteria, are permitted or denied.
    • Action--Select the action attached to the rule. The options are:
      • Permit--Permits access to the switch if the user matches the settings in the profile.
      • Deny--Denies access to the switch if the user matches the settings in the profile.
    • Applies to Interface--Select the interface attached to the rule. The options are:
      • All--Applies to all ports, VLANs, and LAGs.
      • User Defined--Applies to selected interface.
    • Interface--Enter the interface number if User Defined was selected.
    • Applies to Source IP Address--Select the type of source IP address to which the access profile applies. The Source IP Address field is valid for a subnetwork. Select one of the following values:
      • All--Applies to all types of IP addresses.
      • User Defined--Applies to only those types of IP addresses defined in the fields.
    • IP Version--Select the supported IP version of the source address, IPv6 or IPv4.
    • IP Address--Enter the source IP address.
    • Mask--Select the format for the subnet mask for the source IP address, and enter a value in one of the fields:
      • Network Mask--Select the subnet to which the source IP address belongs and enter the subnet mask in dotted decimal format.
      • Prefix Length--Select the Prefix Length and enter the number of bits that comprise the source IP address prefix.
  8. Click Apply. The access profile is created, and the Running Configuration file is updated. You can now select this access profile as the active access profile.