Configuring Access Profiles

Use the Access Profiles page to create an access profile and to add its first rule. If the access profile only contains a single rule, you are finished. To add additional rules to the profile, use the Profile Rules page.

To add an access profile or select a different active access profile:

  1. Click Security > Management Access Method > Access Profiles.
  2. The Access Profiles Table displays all of the access profiles, active and inactive.

  3. To change the active access profile, select a profile from the Active Access Profile drop-down menu and click Apply. This makes the selected profile as the active access profile.
  4. NOTE     A caution message appears if you selected Console Only. If you continue, you are immediately disconnected from the web-based interface and can only access the switch through the console port.

    NOTE     If you selected any other access profile, a caution message appears warning you that, depending on the selected access profile, you might be disconnected from the web-based interface.

  5. To add a new access profile and one rule, click Add.
  6. Enter the following information:
    • Access Profile Name—Enter the access profile name.
    • Rule Priority—Enter the rule priority. When the packet is matched to a rule, user groups are either granted or denied access to the switch. The rule priority is essential to matching packets to rules, as packets are matched on a first-match basis. One is the highest priority.
    • Management Method—Select the management method for which the rule is defined. Users with this access profile can only access the switch by using the management method selected. The options are:
      • All—Assigns all management methods to the rule.
      • Telnet—Users requesting access to the switch, who meet the Telnet access profile criteria, are permitted or denied access.
      • Secure Telnet (SSH)—Users requesting access to the switch, who meet the SSH access profile criteria, are permitted or denied access.
      • HTTP—Assigns HTTP access to the rule. Users requesting access to the switch, who meet the HTTP access profile criteria, are permitted or denied.
      • Secure HTTP (HTTPS)—Users requesting access to the switch, who meet the HTTPS access profile criteria, are permitted or denied.
      • SNMP—Users requesting access to the switch, who meet the SNMP access profile criteria are permitted or denied.
    • Action—Select the action attached to the rule. The options are:
      • Permit—Permits access to the switch if the user matches the settings in the profile.
      • Deny—Denies access to the switch if the user matches the settings in the profile.
    • Applies to Interface—Select the interface attached to the rule. The options are:
      • All—Applies to all ports, VLANs, and LAGs.
      • User Defined—Applies to the selected interface. You need to select a port or LAG from the Interface drop-down menu.
    • Applies to Source IP Address—Select the type of source IP address to which the access profile applies. The options are:
      • All—Applies to all IP addresses.
      • User Defined—Applies to only those types of IP addresses defined in the fields.
    • IP Version—Select either Version 4 or Version 6 to define the source IP address.
    • IP Address—Enter the source IP address.
    • Mask—Select the format for the subnet mask for the source IP address, and enter a value in one of the fields:
      • Network Mask—Select the subnet to which the source IP address belongs and enter the subnet mask in dotted decimal format.
      • Prefix Length—Select the Prefix Length and enter the number of bits that comprise the source IP address prefix.
  7. Click Apply. The access profile is created, and the Running Configuration is updated.