C H A P T E R 5 Accessing the Switch
59
Using Access Profiles
An access profile permits or denies a named list of IP addresses and
subnet masks. To use access profiles, first define the list, and then
apply the named list to the desired application.
Access profiles are used by several routing switch features as a way
to restrict access. Applications that use access profiles for remotely
managing the switch are:
• SNMP read-only access
• SNMP read-write access
• Telnet
• Web access
See "Access Policies" on
page 309.
Access profiles can also be used in association with access policies
that control the flow of traffic.
Creating an Access Profile
Do not confuse access
profiles with access
policies.
You can use access profiles to specifically permit or deny users
access to an application. You restrict access by assigning an access
profile to the service that is being used for remote access.
When you create and name an access profile to restrict access to a
certain application, you then need to configure the application to use
the named access profile. Otherwise, no restrictions are applied.
Use the commands listed in Table 5.7 to create and configure access
profiles. For further access profile commands refer to Table 17.3 on
page 335. Press the Tab key in the command line interface for more
command options.
Table 5.7: Access Profile Configuration Commands
Command Description
configure access-profile <access_profile>
add {vlan <name> | ipaddress <ipaddress>
<mask>}
Adds an IP address or VLAN name to the
access profile. The entry must be of the same
type as the access profile (for example, IP
address).