User Guide

88 Chapter 4. Configuring Special Features
system deltelnetFilter <first ip addr> [<last ip addr>] | LAN
system delSNMPFilter <first ip addr> [<last ip addr>] | LAN
system delHTTPFilter <first ip addr> [<last ip addr>] | LAN
Note 3: To list the range of allowed clients, use the command system list when you are logged in with read and
write permission (login with password).
Restrict Remote Access
To allow management via SNMP or Telnet while making it more difficult for unauthorized persons to access
the router, you may redefine the Telnet and SNMP ports to values other than the well-known ones. When Network
Address Translation (NAT) is used, this port redefinition also lets you continue using the standard Telnet and
SNMP ports with another device on the LAN (provided the appropriate NAT server port commands are issued)
while simultaneously managing the router on the non-standard ports. The following commands show how this is
done.
Example:
login admin
system telnetport 4321
system snmpport 3214
Changing the SNMP Community Name
Changing the SNMP community name from its default value of “public” to another string may further enhance
SNMP security. This string then acts like a password, but this password is sent in the clear over the WAN/LAN, in
accordance with the SNMP specification.
Use the following commands to change the SNMP community name.
login admin
system community <snmp community name>     -- (e.g., system community fred)
save
reboot
Disable WAN Management
You may wish to allow management of the router on the local LAN, but not over the WAN. If the router has been
configured to use NAT, you can define two servers that do not exist on the LAN side to handle WAN SNMP and
Telnet requests, and thus WAN management of the router cannot occur. The following commands show how this
could be done.
Example:
login admin
system addServer 192.168.254.128 udp snmp - (no computer at 192.168.254.128)
system addServer 192.168.254.128 tcp telnet
save
reboot
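
Added example (not part of the original guide or the router's software): a small Python check that reads a command script written in this section's syntax and reports which of the three measures above it leaves unapplied. The finding names are made up for this example, and it assumes the router starts on the standard Telnet and SNMP ports (23 and 161).

```python
# Added example, not from the router's documentation.
WELL_KNOWN = {"telnetport": 23, "snmpport": 161}  # standard Telnet / SNMP ports

def audit(script):
    """Return finding codes for a command script written in this guide's syntax."""
    ports = dict(WELL_KNOWN)   # assumption: the router starts on the standard ports
    community = "public"       # default community name, as stated in the guide
    redirected = set()         # (protocol, service) pairs given to "system addServer"
    for line in script.splitlines():
        words = line.split()
        if len(words) < 3 or words[0] != "system":
            continue           # login, save, reboot, blank lines
        # Command names are matched case-insensitively here (a choice of this example).
        cmd, args = words[1].lower(), words[2:]
        if cmd in ports and args[0].isdigit():
            ports[cmd] = int(args[0])
        elif cmd == "community":
            community = args[0]
        elif cmd == "addserver" and len(args) >= 3:
            # args: <ip addr> <protocol> <service>; trailing remarks are ignored
            redirected.add((args[1].lower(), args[2].lower()))
    findings = []
    if ports["telnetport"] == WELL_KNOWN["telnetport"]:
        findings.append("telnet-on-well-known-port")
    if ports["snmpport"] == WELL_KNOWN["snmpport"]:
        findings.append("snmp-on-well-known-port")
    if community == "public":
        findings.append("default-snmp-community")
    for proto, service in (("udp", "snmp"), ("tcp", "telnet")):
        if (proto, service) not in redirected:
            findings.append(f"wan-{service}-not-redirected")
    return findings

# Constructed sample: the three examples from this section combined into one script.
HARDENED = """\
login admin
system telnetport 4321
system snmpport 3214
system community fred
system addServer 192.168.254.128 udp snmp - (no computer at 192.168.254.128)
system addServer 192.168.254.128 tcp telnet
save
reboot
"""

if __name__ == "__main__":
    print(audit(HARDENED) or "no findings")
```

The check reads only the script text; it cannot confirm that the addServer address is really unused on the LAN, and the two "not-redirected" findings matter only if WAN management is meant to be off.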