Support User Manuals

Dell FCX624-S Laptop User Manual

Open as PDF

of 1494

1140 PowerConnect B-Series FCX Configuration Guide

53-1002266-01

Restricting remote access to management functions

32

Using ACLs to restrict SNMP access

To restrict SNMP access to the device using ACLs, enter commands such as the following.

NOTE

The syntax for using ACLs for SNMP access is different from the syntax for controlling Telnet, SSH,

and Web management access using ACLs.

Syntax: snmp-server community <string> ro | rw <num>

The <string> parameter specifies the SNMP community string the user must enter to gain SNMP

access.

The ro parameter indicates that the community string is for read-only (“get”) access. The rw

parameter indicates the community string is for read-write (“set”) access.

The <num> parameter specifies the number of a standard ACL and must be from 1 – 99.

These commands configure ACLs 25 and 30, then apply the ACLs to community strings.

ACL 25 is used to control read-only access using the “public” community string. ACL 30 is used to

control read-write access using the “private” community string.

NOTE

When snmp-server community is configured, all incoming SNMP packets are validated first by their

community strings and then by their bound ACLs.

Defining the console idle time

By default, a Dell PowerConnect device does not time out serial console sessions. A serial session

remains open indefinitely until you close it. You can however define how many minutes a serial

management session can remain idle before it is timed out.

NOTE

You must enable AAA support for console commands, AAA authentication, and Exec authorization in

order to set the console idle time.

To configure the idle time for a serial console session, use the following command.

PowerConnect(config)#console timeout 120

Syntax: [no] console timeout <0 – 240>

Possible values: 0 – 240 minutes

Default value: 0 minutes (no timeout)

PowerConnect(config)#access-list 25 deny host 209.157.22.98 log

PowerConnect(config)#access-list 25 deny 209.157.23.0 0.0.0.255 log

PowerConnect(config)#access-list 25 deny 209.157.24.0 0.0.0.255 log

PowerConnect(config)#access-list 25 permit any

PowerConnect(config)#access-list 30 deny 209.157.25.0 0.0.0.255 log

PowerConnect(config)#access-list 30 deny 209.157.26.0/24 log

PowerConnect(config)#access-list 30 permit any

PowerConnect(config)#snmp-server community public ro 25

PowerConnect(config)#snmp-server community private rw 30

PowerConnect(config)#write memory

previous next