User's Manual
Security
Management Access Authentication
350 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 
18
• Interface—Enter the interface number.
• Applies to Source IP Address—Select the type of source IP address to 
which the access profile applies. The Source IP Address field is valid for a 
subnetwork. Select one of the following values:
- All—Applies to all types of IP addresses.
- User Defined—Applies to only those types of IP addresses defined in 
the fields.
• IP Version—Select the supported IP version of the source address: IPv6 or 
IPv4. 
• IP Address—Enter the source IP address.
• Mask—Select the format for the subnet mask for the source IP address, and 
enter a value in one of the field:
- Network Mask—Select the subnet to which the source IP address 
belongs and enter the subnet mask in dotted decimal format.
- Prefix Length—Select the Prefix Length and enter the number of bits that 
comprise the source IP address prefix.
STEP  5 Click Apply, and the rule is added to the access profile.
Management Access Authentication
You can assign authentication methods to the various management access 
methods, such as SSH, console, Telnet, HTTP, and HTTPS. The authentication can 
be performed locally or on a TACACS+ or RADIUS server. 
For the RADIUS server to grant access to the web-based configuration utility, the 
RADIUS server must return cisco-avpair = shell:priv-lvl=15.
User authentication occurs in the order that the authentication methods are 
selected. If the first authentication method is not available, the next selected 
method is used. For example, if the selected authentication methods are RADIUS 
and Local, and all configured RADIUS servers are queried in priority order and do 
not reply, the user is authenticated locally.










