User Guide
Chapter 4. Configuring Special Features 87
Management Security
With the following security control features, the user can prevent the router from being remotely managed via
Telnet and/or SNMP. Disabling SNMP will stop the Configuration Manager from accessing the router, which in
some environments is desirable.
Disable Telnet and SNMP
To completely disable remote management, the following commands should be entered from the command line.
login admin
system telnetport disable
system snmpport disable
save
reboot
Restore Telnet and SNMP
To reestablish the Telnet and SNMP services, the default values should be restored with the commands:
system telnetport default
system snmpport default
Validation of Telnet and SNMP Clients
The following commands are used to validate Telnet, SNMP, or HTTP clients. They define a range of IP
addresses that are allowed to access the router via Telnet, SNMP, or HTTP. Only the IP addresses in the range
specified for Telnet, SNMP, or HTTP can access the router via Telnet, SNMP, or HTTP. This validation feature is
off
by default.
system addtelnetFilter <
first ip addr
>
[
<
last ip addr
>] | LAN
system addSNMPFilter <
first ip addr
> [<
last ip addr
>] | LAN
system addHTTPFilter <
first ip addr
> [<
last ip addr
>] | LAN
where:
first ip addr
First IP address of the client range
last ip addr
Last IP address of the client range. May be omitted if the range contains only one IP address.
LAN Local Ethernet LAN
Example:
system addsnmpfilter 192.168.1.5 192.168.1.12
Multiple ranges can be specified for Telnet and SNMP clients. If no range is defined, then access to the router is
through the LAN or WAN.
Note 1:
These commands do
not
require a reboot and are effective immediately.
Note 2:
The following commands are used to delete client ranges previously defined by the
system
addtelnetFilter, system addSNMPFilter,
and
system addHTTPFilter
commands: