Access Profile

The Access Profiles page displays the access profiles that are defined and enables selecting one access profile to be the active one.

When a user attempts to access the device through an access method, the device checks whether the active access profile explicitly permits management access to the device through this method. If no match is found, access is denied.

When an attempt to access the device is in violation of the active access profile, the device generates a SYSLOG message to alert the system administrator of the attempt.

Use the Access Profiles page to create an access profile and to add its first rule. If the access profile only contains a single rule, you’re finished. To add more rules to the profile, use the Profile Rules page.

Procedure


Step 1

Click Security > Mgmt Access Method > Access Profiles.

This page displays all of the access profiles, active and inactive.

Step 2

To change the active access profile, select a profile from the Active Access Profile drop-down menu and click Apply. This makes the chosen profile the active access profile.

Note

A caution message displays if you selected any other access profile, warning you that, depending on the selected access profile, you might be disconnected from the web-based configuration utility.

Step 3

Click OK to select the active access profile or click Cancel to discontinue the action.

Step 4

Click Add to open the Add Access Profile page. The page allows you to configure a new profile and one rule.

Step 5

Enter the Access Profile Name. This name can contain up to 32 characters.

Step 6

Enter the parameters.

  • Rule Priority—Enter the rule priority. When the packet is matched to a rule, user groups are either granted or denied access to the device. The rule priority is essential to matching packets to rules, as packets are matched on a first-match basis. The highest priority is ‘1’.

  • Management Method—Select the management method for which the rule is defined. The options are:

    • All—Assigns all management methods to the rule.

    • Telnet—Users requesting access to the device who meet the Telnet access profile criteria are permitted or denied access.

    • Secure Telnet (SSH)—Users requesting access to the device who meet the SSH access profile criteria are permitted or denied access.

    • HTTP—Users requesting access to the device who meet the HTTP access profile criteria are permitted or denied.

    • Secure HTTP (HTTPS)—Users requesting access to the device who meet the HTTPS access profile criteria are permitted or denied.

    • SNMP—Users requesting access to the device who meet the SNMP access profile criteria are permitted or denied.

  • Action—Select the action attached to the rule. The options are:

    • Permit—Permits access to the device if the user matches the settings in the profile.

    • Deny—Denies access to the device if the user matches the settings in the profile.

  • Applies to Interface—Select the interface attached to the rule. The options are:

    • All—Applies to all ports, VLANs, and LAGs.

    • User Defined—Applies to the selected interface.

  • Interface—Enter the interface number if User Defined was selected.

  • Applies to Source IP Address—Select the type of source IP address to which the access profile applies. The Source IP Address field is valid for a subnetwork. Select one of the following values:

    • All—Applies to all types of IP addresses.

    • User Defined—Applies to only those types of IP addresses defined in the fields.

  • IP Version—Enter the version of the source IP address: Version 6 or Version 4.

  • IP Address—Enter the source IP address.

  • Mask—Select the format for the subnet mask for the source IP address, and enter a value in one of the fields:

    • Network Mask—Select the subnet to which the source IP address belongs and enter the subnet mask in dotted decimal format.

    • Prefix Length—Select the Prefix Length and enter the number of bits that comprise the source IP address prefix.

Step 7

Click Apply. The access profile is written to the Running Configuration file. You can now select this access profile as the active access profile.
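
The first-match rule evaluation from Step 6 and the disconnection warning from Step 2 can be checked offline before a profile is made active. The Python model below is an added example, not code from the device or its vendor; the short method labels (SSH, HTTPS), the interface names, and the sample profile and sessions are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    priority: int            # 1 is the highest priority
    method: str              # "All", "Telnet", "SSH", "HTTP", "HTTPS" or "SNMP"
    action: str              # "Permit" or "Deny"
    interface: str = "All"   # "All" or a user-defined interface (assumed naming)
    source: str = "All"      # "All" or a subnet, e.g. "10.0.10.0/24"

    def matches(self, method, interface, src_ip):
        if self.method not in ("All", method):
            return False
        if self.interface not in ("All", interface):
            return False
        if self.source == "All":
            return True
        # Accepts a prefix length (/24) or a dotted-decimal mask (/255.255.255.0)
        net = ipaddress.ip_network(self.source, strict=False)
        addr = ipaddress.ip_address(src_ip)
        return addr.version == net.version and addr in net

def evaluate(profile, method, interface, src_ip):
    """Return (action, priority of the matching rule or None) for one attempt."""
    for rule in sorted(profile, key=lambda r: r.priority):
        if rule.matches(method, interface, src_ip):
            return rule.action, rule.priority   # first match decides
    return "Deny", None                         # no match: access is denied

def lockout_risks(profile, admin_sessions):
    """List the admin sessions the profile would deny if it became active."""
    return [s for s in admin_sessions if evaluate(profile, *s)[0] != "Permit"]

# Constructed sample profile: block cleartext methods, permit the mgmt subnet
MGMT_ONLY = [
    Rule(1, "Telnet", "Deny"),
    Rule(2, "HTTP", "Deny"),
    Rule(3, "All", "Permit", source="10.0.10.0/24"),
]
# Constructed sample sessions: (method, interface, source IP)
SESSIONS = [("HTTPS", "gi1", "10.0.10.25"),
            ("SSH", "gi1", "192.168.1.50"),
            ("Telnet", "gi2", "10.0.10.25")]

if __name__ == "__main__":
    for s in SESSIONS:
        print(s, "->", evaluate(MGMT_ONLY, *s))
    print("denied if activated:", lockout_risks(MGMT_ONLY, SESSIONS))
```

An empty list from lockout_risks means every listed session stays permitted under the profile; any entry it returns is a session that would be refused and would show up as a SYSLOG violation on the device.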