Access Profiles Configuration on 200/300 Series Managed Switches

Available Languages

Download Options

PDF (270.6 KB)
View with Adobe Reader on a variety of devices
ePub (350.4 KB)
View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
Mobi (Kindle) (148.0 KB)
View on Kindle device or Kindle app on multiple devices

Updated:December 11, 2018

Document ID:SMB3207

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Access Profiles Configuration on 200/300 Series Managed Switches

Objective

Access profiles act as another layer of security for the switch. Access profiles can contain up to 128 rules to increase security. Each rule contains an action and a criteria. If the access method does not match the management method, the user is blocked from accessing the device.

This article explains how to configure profiles to access the 200/300 Series Managed Switches.

Applicable Devices

• SF/SG 200 and SF/SG 300 Series Managed Switches

Software Version

• 1.3.0.62

Access Profiles Configuration

Step 1. Log in to the web configuration utility and choose Security > Mgmt Access Method > Access Profiles. The Access Profiles page opens:

Step 2. Choose the desired access profile from the Active Access Profile drop-down list.

Step 3. Click Apply to change the currently active Access Profile.

Add Access Profile

Step 1. Click Add in the Access Profile Table. The Add Access Profile window appears:

Step 2. Enter the name of the access profile in the Access Profile Name field.

Step 3. Enter the priority of the rule in the Rule Priority field. The rule priority matches packets with rules. Rules with lower priority are checked first. If a packet matches a rule the desired action is performed.

Step 4. Click the radio button that corresponds to the desired management method in the Management Method field. The access method used by the user must match the management method for the action to be performed. The possible methods are:

• All — All the management methods are assigned to the access profile.

• Telnet — Telnet management method is assigned to the rule. Only users with Telnet meeting access profile method have access to the device.

• Secure Telnet (SSH) — SSH management method is assigned to the profile. Only users with Telnet meeting access profile have access to the device.

• HTTP — HTTP management method is assigned to the profile. Only users with HTTP meeting access profile method have access to the device.

• Secure HTTP (SSL) — HTTPS management method is assigned to the profile. Only users with HTTPS meeting access profile method have access to the device.

• SNMP — SNMP management method is assigned to the profile. Only users with SNMP meeting access profile method have access to the device.

Step 5. Choose the action to be attached to the rule from the Action drop-down list. The possible action values are:

• Permit — Access to the switch is permitted.

• Deny — Access to the switch is denied.

Step 6. Click the desired radio button that corresponds to the desired interface type in the applies to Interface field to define the interface for the access profile. The two options are:

• All — Includes all the interfaces such as Ports, VLANs and LAGs.

Note: LAGs are logical links that combine multiple physical links in order to provide more bandwidth.

• User Defined — Apply only to the desired interface for the user.

– Port — Choose the port From the Port drop-down list for which the access profile is to be defined..

– LAG — Choose the LAG from the LAG drop-down list for which the access profile is to be defined from the LAG drop-down list.

– VLAN — Choose the VLAN from the VLAN drop-down list for which the access profile is to be defined from the VLAN drop-down list.

Step 7. Click the Source IP Address radio button to enable the interface source IP address. There are two possible values:

• All — Includes all IP addresses.

• User Defined — Apply only to the desired IP address for the user.

– Version 6 — For IP version 6 (IPv6) addresses.

– Version 4 — For IP version 4 (IPv4) addresses.

Step 8. If you chose User Defined in Step 7, enter the IP Address of the device in the IP Address field.

Step 9. Click a radio button in the Mask field of one of the options to define the network mask. The available options are:

• Network Mask — Enter the subnet mask that corresponds to the IP address in the dotted decimal format.

• Prefix Length — Enter the subnet mask prefix length that corresponds to the IP address.

Step 10. Click Apply.

Step 11. (Optional) To delete an access profile, check the check box of the access profile you wish to delete, and click Delete.

Step 12. (Optional) Click Profile Rules Table to go to the Profile Rules page.

Note: For more information about profile rules, refer to the article Access Profile Rules Configuration on 200/300 Series Managed Switches.

Revision History

Revision	Publish Date	Comments
1.0	11-Dec-2018	Initial Release

Was this Document Helpful?

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)