Users Guide
214 Configuring Security Features
Enabling IP Filtering
Below is an example command for IP filtering setup.
See "Using RACADM Remotely" for more information about RACADM and
RACADM commands.
NOTE: The following RACADM commands block all IP addresses except
192.168.0.57)
To restrict the login to a single IP address (for example, 192.168.0.57), use the
full mask, as shown below.
racadm config -g cfgRacTuning -o
cfgRacTuneIpRangeEnable 1
racadm config -g cfgRacTuning -o
cfgRacTuneIpRangeAddr 192.168.0.57
racadm config -g cfgRacTuning -o
cfgRacTuneIpRangeMask 255.255.255.255
To restrict logins to a small set of four adjacent IP addresses (for example,
192.168.0.212 through 192.168.0.215), select all but the lowest two bits in the
mask, as shown below:
racadm config -g cfgRacTuning -o
cfgRacTuneIpRangeEnable 1
racadm config -g cfgRacTuning -o
cfgRacTuneIpRangeAddr 192.168.0.212
racadm config -g cfgRacTuning -o
cfgRacTuneIpRangeMask 255.255.255.252
IP Filtering Guidelines
Use the following guidelines when enabling IP filtering:
• Ensure that
cfgRacTuneIpRangeMask
is configured in the form of a
netmask, where all most significant bits are 1’s (which defines the subnet
in the mask) with a transition of all 0’s in the lower-order bits.
• Use the range base address you prefer as the value for
cfgRacTuneIpRangeAddr
. The 32-bit binary value of this address should
have zeros in all the low-order bits where there are zeros in the mask.