Defining Profile Rules
Access profiles can contain up to 128 rules to determine who is permitted to manage and access the switch, and the access methods that may be used.
Each rule in an access profile contains an action and a criteria (one or more parameters) to match. Each rule has a priority; rules with the lowest priority are checked first. If the incoming packet matches a rule, the action associated with the rule is performed. If no matching rule is found within the active access profile, the packet is dropped.
For example, you can limit access to the switch from all IP addresses except IP addresses that are allocated to the IT management center. In this way, the switch can still be managed and has gained another layer of security.
To add profile rules to an access profile:
- Click Security > Mgmt Access Method > Profile Rules. The Profiles Rules page displays.
- Select the Filter field, and an access profile. Click Go.
The selected access profile is displayed in the Profile Rule Table.
- Click Add to add a rule to it. The Add Profile Rule page displays.
- Enter the parameters.
- Access Profile Name--Select an access profile.
- Rule Priority--Enter the rule priority. When the packet is matched to a rule, user groups are either granted or denied access to the switch. The rule priority is essential to matching packets to rules, as packets are matched on a first-fit basis.
- Management Method--Select the management method for which the rule is defined. The options are:
- All--Assigns all management methods to the rule.
- Telnet--Users requesting access to the switch who meet the Telnet access profile criteria are permitted or denied access.
- Secure Telnet (SSH)--Users requesting access to the switch who meet the Telnet access profile criteria, are permitted or denied access.
- HTTP--Assigns HTTP access to the rule. Users requesting access to the switch who meet the HTTP access profile criteria, are permitted or denied.
- Secure HTTP (HTTPS)--Users requesting access to the switch who meet the HTTPS access profile criteria, are permitted or denied.
- SNMP--Users requesting access to the switch who meet the SNMP access profile criteria are permitted or denied.
- Action--Select Permit to permit the users that attempt to access the switch by using the configured access method from the interface and IP source defined in this rule. Or select Deny to deny access.
- Applies to Interface--Select the interface attached to the rule. The options are:
- Interface--Enter the interface number.
- Applies to Source IP Address--Select the type of source IP address to which the access profile applies. The Source IP Address field is valid for a subnetwork. Select one of the following values:
- IP Version--Select the supported IP version of the source address: IPv6 or IPv4.
- IP Address--Enter the source IP address.
- Mask--Select the format for the subnet mask for the source IP address, and enter a value in one of the field:
- Click Apply, and the rule is added to the access profile.