Section 11-6. Permit Lists



  • Permit lists are used on COS switches to specify which devices are allowed to access a switch via Telnet, HTTP, or SNMP.

  • You can configure entries in the list to be applied for SNMP or Telnet access, or you can make a list for both.

  • You can enter up to 100 addresses in the permit list.

  • Entries in the lists are matched against a wildcard mask. If no mask is specified, all the bits of the address are matched.

  • Permit lists have no effect on outbound Telnet or management traffic.

  • SNMP traps can be generated when an unauthorized access attempt is made.

Configuration

To configure a permit list on a COS switch, use the following commands.

1. Add addresses to a permit list:

COS

 set ip permit address mask [ snmp | telnet ] 


To control which devices are allowed to access the switch, you must first configure the IP permit list. The address parameter specifies the IP address of the device that is allowed to access the network. The mask parameter is optional. The mask is in dotted-decimal format, where a 1 bit means the corresponding bit of the address must match and a 0 bit means that bit is ignored. For example, the address 172.16.101.1 with a mask of 255.255.255.0 matches all addresses that start with 172.16.101. The address 172.16.101.1 with a mask of 255.255.255.255 matches only the host 172.16.101.1. If you do not specify a mask, a mask of all 1s (the host mask, 255.255.255.255) is used. The options snmp and telnet specify which process uses a specific list entry. If you do not specify a process, the entry is applied to both processes.

2. Activate the permit list:

COS

 set ip permit enable [ snmp | telnet ] 


After you have configured the list of permitted devices, use this command to enable the permit list. The snmp and telnet options specify the process for which the permit list is activated; if you specify neither, it is activated for both.

3. (Optional) Enable SNMP trap generation:

COS

 set snmp trap enable ip permit 


This command enables the IP permit process to send an SNMP trap when an unauthorized attempt to access the switch is made.

Verification

Use the show ip permit command to verify the configuration of the IP permit list:

COS

 show ip permit 


Feature Example

This example shows a permit list configuration. The list allows any host on the network 192.168.5.0 to access the switch for both SNMP and Telnet, and allows any host on the 192.168.1.0 subnet to access the switch via Telnet only. In addition, one entry allows the single host 192.168.255.1 to reach the switch via SNMP. The list is then enabled for both Telnet and SNMP.

An example of the Catalyst OS configuration follows:

 Console (enable)>set ip permit 192.168.5.0 255.255.255.0
 Console (enable)>set ip permit 192.168.1.0 255.255.255.0 telnet
 Console (enable)>set ip permit 192.168.255.1 255.255.255.255 snmp
 Console (enable)>set ip permit enable telnet
 Console (enable)>set ip permit enable snmp

TIP

When creating an IP permit list, you should add the address of your management station first to avoid locking yourself out of the switch.
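The following is an added worked example, not part of the book and not Catalyst OS code: a small Python model of the permit-list matching rules described in this section (dotted-decimal mask where a 1 bit must match and a 0 bit is ignored, the host mask as the default, per-process entries, the 100-entry limit, and a recorded "trap" for each denied attempt). It loads the feature example above and adds a lockout check in the spirit of the TIP. Class and function names (PermitList, would_lock_out, and so on) are my own, and the assumption that an unactivated list performs no filtering is mine as well.

```python
import ipaddress

ALL_PROCESSES = frozenset({"snmp", "telnet"})
HOST_MASK = "255.255.255.255"   # default when no mask is given (all 1s)


class PermitEntry:
    """One 'set ip permit address mask [snmp|telnet]' entry (hypothetical model)."""

    def __init__(self, address, mask=None, process=None):
        self.address = int(ipaddress.IPv4Address(address))
        self.mask = int(ipaddress.IPv4Address(mask or HOST_MASK))
        # No process keyword means the entry applies to both processes.
        self.processes = frozenset({process}) if process else ALL_PROCESSES

    def matches(self, source_ip):
        # A 1 bit in the mask must match the address; a 0 bit is ignored.
        src = int(ipaddress.IPv4Address(source_ip))
        return (src & self.mask) == (self.address & self.mask)


class PermitList:
    MAX_ENTRIES = 100   # the section states a limit of 100 addresses

    def __init__(self):
        self.entries = []
        self.enabled = {"snmp": False, "telnet": False}
        self.traps = []   # (source_ip, process) for each denied attempt

    def add(self, address, mask=None, process=None):
        if len(self.entries) >= self.MAX_ENTRIES:
            raise ValueError("permit list is full (100 entries)")
        self.entries.append(PermitEntry(address, mask, process))

    def enable(self, process=None):
        # 'set ip permit enable [snmp|telnet]'; no keyword enables both.
        for p in ([process] if process else ALL_PROCESSES):
            self.enabled[p] = True

    def is_permitted(self, source_ip, process):
        """Inbound check only; outbound traffic is never affected."""
        if not self.enabled[process]:
            return True   # assumption: an inactive list does not filter
        allowed = any(process in e.processes and e.matches(source_ip)
                      for e in self.entries)
        if not allowed:
            self.traps.append((source_ip, process))   # 'set snmp trap enable ip permit'
        return allowed


def would_lock_out(permit_list, management_ip):
    """Processes (if any) from which the management station would be cut off."""
    return sorted(p for p in ALL_PROCESSES
                  if not any(p in e.processes and e.matches(management_ip)
                             for e in permit_list.entries))


def build_feature_example():
    """The permit list from the Feature Example above."""
    pl = PermitList()
    pl.add("192.168.5.0", "255.255.255.0")              # snmp and telnet
    pl.add("192.168.1.0", "255.255.255.0", "telnet")    # telnet only
    pl.add("192.168.255.1", "255.255.255.255", "snmp")  # one host, snmp only
    # Check the (constructed) management station before activating the list.
    assert would_lock_out(pl, "192.168.5.10") == []
    pl.enable("telnet")
    pl.enable("snmp")
    return pl


if __name__ == "__main__":
    pl = build_feature_example()
    for ip, proc in [("192.168.5.77", "snmp"), ("192.168.1.10", "snmp"),
                     ("192.168.255.1", "telnet"), ("10.0.0.1", "telnet")]:
        print(ip, proc, "permitted" if pl.is_permitted(ip, proc) else "denied")
    print("traps:", pl.traps)
```

Running the block shows that 192.168.1.10 is permitted for Telnet but denied for SNMP, that 192.168.255.1 is permitted only for SNMP, and that each denial is recorded as a trap event, which is exactly the behaviour the three `set ip permit` entries above describe. The `would_lock_out` check before `enable` is the programmatic form of the TIP: confirm the management station matches an entry for every process before the list is activated.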




Cisco Field Manual. Catalyst Switch Configuration
ISBN: 1587050439
Year: 2001
Pages: 150