Cisco SR224T Administration Guide - Page 234

Configuring Security Defining Management Access Method 17 - Network Mask-Select the subnet to which the source IP address belongs and enter the subnet mask in dotted decimal format. - Prefix Length-Select the Prefix Length and enter the number of bits that comprise the source IP address prefix. STEP 7 Click Apply. The access profile is written to the Running Configuration file. You can now select this access profile as the active access profile. Defining Profile Rules Access profiles can contain up to 128 rules to determine who is permitted to manage and access the switch, and the access methods that may be used. Each rule in an access profile contains an action and criteria (one or more parameters) to match. Each rule has a priority; rules with the lowest priority are checked first. If the incoming packet matches a rule, the action associated with the rule is performed. If no matching rule is found within the active access profile, the packet is dropped. For example, you can limit access to the switch from all IP addresses except IP addresses that are allocated to the IT management center. In this way, the switch can still be managed and has gained another layer of security. To add profile rules to an access profile: STEP 1 Click Security > Mgmt Access Method > Profile Rules. The Profiles Rules page is displayed. STEP 2 Select the Filter field, and an access profile. Click Go. The selected access profile is displayed in the Profile Rule Table. STEP 3 Click Add to add a rule to it. The Add Profile Rule page is displayed. STEP 4 Enter the parameters. • Access Profile Name-Select an access profile. • Rule Priority-Enter the rule priority. When the packet is matched to a rule, user groups are either granted or denied access to the switch. The rule priority is essential to matching packets to rules, as packets are matched on a first-fit basis. Cisco Small Business 200 Series Smart Switch Administration Guide 235