Specifications
Chapter 4. Configuring Special Features 101
Controlling Remote Management
With the following security control features, the user can control remote management of the router via Telnet,
HTTP, Syslog, and/or SNMP. Disabling SNMP stops the Configuration Manager from accessing the router, which
in some environments is desirable.
Router system event messages can be automatically sent to a Unix Syslog server. The system syslogport and
system addsyslogfilter commands control the port number and valid IP addresses. For more information, see
Syslog Client, page 153.
Disabling Remote Management
To completely disable remote management, enter the following commands from the command line:
system telnetport disabled
system snmpport disabled
system httpport disabled
system syslogport disabled
save
reboot
Re-enabling Remote Management
To reestablish the disabled remote management services, restore the default values with the commands:
system telnetport default
system snmpport default
system httpport default
system syslogport default
Validating Clients
The following commands are used to validate clients for Telnet, SNMP, HTTP, or Syslog. They define a range of
IP addresses that are allowed to access the router via that interface. Only the IP addresses in the range specified
for the interface can access the router via that interface. This validation feature is off by default.
Multiple address ranges can be specified for each filter. If no range is defined, then access to the router is through
the LAN or WAN.
Note: These commands do not require a reboot and are effective immediately.
system addtelnetfilter <first ip addr> [<last ip addr>] | LAN
system addsnmpfilter <first ip addr> [<last ip addr>] | LAN
system addhttpfilter <first ip addr> [<last ip addr>] | LAN
system addsyslogfilter <first ip addr> [<last ip addr>] | LAN
first ip addr First IP address of the client range
last ip addr Last IP address of the client range. May be omitted if the range contains only one IP address.
LAN Local Ethernet LAN
Example: