Cisco Support Community
The objective of this document is to help configure access profile settings on SFE/SGE Series Managed Switches. Access profiles use access methods to classify access requests according to authorization and authentication. Each access profile is associated with a set of rules to manage security of the organization.
• SFE/SGE Managed Switches Series
Access Profile Settings
Step 1. At the web configuration utility choose Security Suite > Access Method > Access Profiles. The Access Profile page opens:
Step 2. In the Current Active Access Profile field, the currently active profile is shown. To change the active profile click the radio button of the corresponding access profile. In order to add a new profile proceed with Step 3.
Step 3. Click Add to add a new access profile. The following window opens:
Step 4. In the Supported IP Format field, click the radio button of the desired IP version.
Note: If you choose IPv6 in Step 4 then follow Step 5 else skip to step 7.
Step 5. In the IPv6 Address Type field, click the radio button of the desired IPv6 address type.
• Link Local — To communicate on the same subnet.
• Global — To communicate globally.
Step 6. In the Link Local Interface field, click the radio button of the desired Link Local Interface. For example, If you choose ISATAP, it indicates that the link local interface is Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunnel.
Step 7. In the Access Profile Name field, enter the desired name of the access profile.
Step 8. In the Rule Priority field, enter a rule priority number between 1 and 65535. The packet should match the rule for it to either grant or deny access to the switch.
Step 9. In the Management method field, choose a field from the drop down list for which the rule should be defined.
• All — This will assign the rule to all the management methods.
• Telnet — Access will be either permitted or denied only to the users that meet the telnet access profile criteria.
• Secure Telnet (SSH) — Access will be either permitted or denied only to the users that meet the SSH access profile criteria.
• HTTP — Access will be either permitted or denied only to the users that meet the HTTP access profile criteria.
• Secure HTTP (HTTPS) — Access will be either permitted or denied only to the users that meet the HTTPS access profile criteria.
• SNMP — Access will be either permitted or denied only to the users that meet the SNMP access profile criteria.
Step 10. In the Interface field, check the Interface check box and then click the radio button for the desired interface. Choose port if a statistics for a single port are to be received; choose LAG that contains group of ports; or choose VLAN if the interface is a VLAN interface.
Step 11. In the Source IP Address field, check the Source IP Address check box and then enter the source IP address in the given field.
Step 12. In the Network Mask field, click the corresponding radio button to enter the subnet mask. It should be in the 0.0.0.0 format or in the Prefix length field, click the corresponding radio button and then enter the number of bits that are comprised in the source IP address prefix.
Step 13. In the Action field, choose a desired action from the drop down list.
• Permit — If the user settings match the profile settings then the access to the switch is permitted.
• Deny — If the user settings match the profile settings then the access to the switch is denied.
Step 14. Click Apply to save the configuration.
Caution: This only saves your configuration to the running configuration file. This means any changes made will be lost if the device is rebooted. If you wish to save these changes even after a system reboot, you need to copy the running configuration file to the startup configuration file. See Copy Configuration File on SFE/SGE Series Managed Switches for more information on how to do this