User guide
Chapter 4. Configuring Special Features 97
Controlling Remote Management
With the following security control features, the user can control remote management of the router via Telnet,
HTTP, Syslog, and/or SNMP. Disabling SNMP stops the Configuration Manager from accessing the router, which
in some environments is desirable.
Router system event messages can be automatically sent to a Unix Syslog server. The system syslogport and
system addsyslogfilter commands control the access and port numbers.
Disabling Remote Management
To completely disable remote management, enter the following commands from the command line:
system telnetport disabled
system snmpport disabled
system httpport disabled
system syslogport disabled
save
reboot
Re-enabling Remote Management
To reestablish the disabled remote management services, restore the default values with the commands:
system telnetport default
system snmpport default
system httpport default
system syslogport default
Validating Clients
The following commands are used to validate clients for Telnet, SNMP, HTTP, or Syslog. They define a range of
IP addresses that are allowed to access the router via that interface. Only the IP addresses in the range specified
for the interface can access the router via that interface. This validation feature is off by default.
Multiple ranges can be specified for Telnet and SNMP clients. If no range is defined, then access to the router is
through the LAN or WAN.
Note: These commands do not require a reboot and are effective immediately.
system addtelnetfilter <first ip addr> [<last ip addr>] | LAN
system addsnmpfilter <first ip addr> [<last ip addr>] | LAN
system addhttpfilter <first ip addr> [<last ip addr>] | LAN
system addsyslogfilter <first ip addr> [<last ip addr>] | LAN
first ip addr First IP address of the client range
last ip addr Last IP address of the client range. May be omitted if the range contains only one IP address.
LAN Local Ethernet LAN
Example:
system addsnmpfilter 192.168.1.5 192.168.1.12