Users Guide
Using the Local RACADM Command Line Interface 233
Following are examples using local RACADM to set up IP filtering.
NOTE: See "Using the Local RACADM Command Line Interface" for more
information about RACADM and RACADM commands.
1
The following RACADM commands block all IP addresses except
192.168.0.57:
racadm config -g cfgRacTuning -o
cfgRacTuneIpRangeEnable 1
racadm config -g cfgRacTuning -o
cfgRacTuneIpRangeAddr 192.168.0.57
racadm config -g cfgRacTuning -o
cfgRacTuneIpRangeMask 255.255.255.255
2
To restrict logins to a small set of four adjacent IP addresses (for example,
192.168.0.212 through 192.168.0.215), select all but the lowest two bits in
the mask, as shown below:
racadm config -g cfgRacTuning -o
cfgRacTuneIpRangeEnable 1
racadm config -g cfgRacTuning -o
cfgRacTuneIpRangeAddr 192.168.0.212
racadm config -g cfgRacTuning -o
cfgRacTuneIpRangeMask 255.255.255.252
The last byte of the range mask is set to 252, the decimal equivalent of
11111100b.
IP Filtering Guidelines
Use the following guidelines when enabling IP filtering:
• Ensure that
cfgRacTuneIpRangeMask
is configured in the form of a
netmask, where all most significant bits are 1’s (which defines the subnet
in the mask) with a transition to all 0’s in the low-order bits.
• Use the desired range’s base address as the value of
cfgRacTuneIpRangeAddr
. The 32-bit binary value of this address should
have zeros in all the low-order bits where there are zeros in the mask.