Cisco 500 series Administration Manual page 310

Configuring Security
Defining Management Access Method
Cisco 500 Series Stackable Managed Switch Administration Guide
There can only be a single access profile active on the switch at one time.
Access profiles consist of one or more rules. The rules are executed in order of
their priority within the access profile (top to bottom).
Rules are composed of filters that include the following elements:
• Access Methods—Methods for accessing and managing the switch:
- Telnet
- Secure Telnet (SSH)
- Hypertext Transfer Protocol (HTTP)
- Secure HTTP (HTTPS)
- Simple Network Management Protocol (SNMP)
- All of the above
• Action—Permit or deny access to an interface or source address.
• Interface—Which ports, LAGs, or VLANs are permitted to access or are
denied access to the web-based switch configuration utility.
• Source IP Address—IP addresses or subnets. Access to management
methods might differ among user groups. For example, one user group
might be able to access the switch module only by using an HTTPS
session, while another user group might be able to access the switch
module by using both HTTPS and Telnet sessions.
Active Access Profile
Access Profiles
The
enables selecting one access profile to be the active one.
When a user attempts to access the switch through an access method, the switch
looks to see if the active access profile explicitly permits management access to
the switch through this method. If no match is found, access is denied.
When an attempt to access the switch is in violation of the active access profile,
the switch generates a SYSLOG message to alert the system administrator of the
attempt.
If a console-only access profile has been activated, the only way to deactivate it is
through a direct connection from the management station to the physical console
port on the switch.
page displays the access profiles that are defined and
18
310