Options - Cisco SCE2020-4XGBE-SM Configuration Manual

Software configuration guide

Cisco SCE 2000 and SCE 1000 Software Configuration Guide, OL-7827-12, page 5-27

Chapter 5
Configuring the Management Interface and Security
Configuring the Available Interfaces

You can create up to 99 access lists. Access lists can be associated with system access on the following levels:

• Global (IP) level: If a global list is defined using the ip access-class command, when a request comes in, the SCE platform first checks if there is permission for access from that IP address. If not, the SCE does not respond to the request. Configuring the SCE platform to deny a certain IP address would preclude the option of communicating with that address using any IP-based protocol including Telnet, FTP, ICMP and SNMP. The basic IP interface is low-level, blocking the IP packets before they reach the interfaces.
• Interface level: Access to each management interface (Telnet, SNMP, etc.) can be restricted to an access list. Interface-level lists are, by definition, a subset of the Global list defined. If access is denied at the global level, the IP will not be allowed to access using one of the interfaces. Once an access list is associated with a specific management interface, that interface checks the access list to find out if there is permission for a specific external IP address trying to access the management interface.

It is possible to configure several management interfaces to the same access list, if this is the desired behavior of the SCE platform.

If no ACL is associated to a management interface or to the global IP level, access is permitted from all IP addresses.

Note: The SCE Platform will respond to ping commands only from IP addresses that are allowed access. Pings from a non-authorized address will not receive a response from the SCE platform, as ping uses ICMP protocol.

Options

The following options are available:

• number — the ID number assigned to the Access Control List
• ip-address — the IP address of the interface to be permitted or denied. Enter in x.x.x.x format.
• ip-address/mask — configures a range of addresses in the format x.x.x.x y.y.y.y where x.x.x.x specifies the prefix bits common to all IP addresses in the range, and y.y.y.y is a wildcard-bits mask specifying the bits that are ignored. In this notation, '0' means bits to ignore.

The following keywords are available:

• permit — the specified IP addresses have permission to access the SCE platform.
• deny — the specified IP addresses are denied access to the SCE platform.
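The two-level check described above (global IP level first, then the list bound to the management interface), modelled as an added example that is not code from the Cisco guide. The dictionary layout and function names are hypothetical; first-match ordering with a default deny is an assumption not stated on this page, and only single-address entries are modelled.

```python
import ipaddress

# Assumption: entries are checked in order, the first match decides, and an
# address matching no entry is denied. Address ranges are not modelled.
def acl_permits(acl, src):
    for action, addr in acl:
        if ipaddress.ip_address(addr) == src:
            return action == "permit"
    return False

def access_decision(cfg, interface, src_ip):
    """Return (allowed, reason) for src_ip reaching a management interface."""
    src = ipaddress.ip_address(src_ip)
    acls = cfg["access_lists"]
    global_id = cfg.get("ip_access_class")        # list bound with ip access-class
    if global_id is not None and not acl_permits(acls[global_id], src):
        return False, "dropped at global IP level (no response, ping included)"
    iface_id = cfg["interfaces"].get(interface)   # list bound to this interface
    if iface_id is not None and not acl_permits(acls[iface_id], src):
        return False, f"denied by access list {iface_id} on {interface}"
    return True, "permitted"

def unrestricted_interfaces(cfg):
    """Interfaces open to every address: no interface list and no global list."""
    if cfg.get("ip_access_class") is not None:
        return []
    return sorted(n for n, acl_id in cfg["interfaces"].items() if acl_id is None)

# Constructed sample configuration (documentation addresses, not from the guide).
SAMPLE = {
    "access_lists": {
        1: [("deny", "192.0.2.66"), ("permit", "192.0.2.10"), ("permit", "192.0.2.20")],
        2: [("permit", "192.0.2.10"), ("permit", "192.0.2.66")],
    },
    "ip_access_class": 1,
    "interfaces": {"telnet": 2, "snmp": None},
}

if __name__ == "__main__":
    for iface, ip in [("telnet", "192.0.2.10"), ("telnet", "192.0.2.66"),
                      ("telnet", "192.0.2.20"), ("snmp", "192.0.2.20")]:
        print(iface, ip, access_decision(SAMPLE, iface, ip))
    print(unrestricted_interfaces({**SAMPLE, "ip_access_class": None}))
```

In the sample, 192.0.2.66 is permitted by the Telnet list but never reaches it because the global list denies it first, and removing the global list leaves the SNMP interface open to all addresses.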
