User guide
98 Chapter 4. Configuring Special Features
To delete client ranges previously defined, use these commands:
system deltelnetfilter <first ip addr> [<last ip addr>] | LAN
system delsnmpfilter <first ip addr> [<last ip addr>] | LAN
system delhttpfilter <first ip addr> [<last ip addr>] | LAN
system delsyslogfilter <first ip addr> [<last ip addr>] | LAN
To list the range of allowed clients, use the command:
system list
Restricting Remote Access
To allow remote management while making it more difficult for non-authorized persons to access the router, you
may redefine the ports to a less well-known value. When Network Address Translation (NAT) is used, this port
redefinition feature also allows you to continue using the standard ports with another device on the LAN
(provided the appropriate NAT server ports commands are issued), while simultaneously managing the router
(with non-standard ports).
For example, the following commands redefine the Telnet, SNMP, HTTP, and Syslog ports:
system telnetport 4321
system snmpport 3214
system httpport 5678
system syslogport 6789
Changing the SNMP Community Name
Changing the SNMP community name from its default value of ÒpublicÓ to another string may further enhance
SNMP security. This string then acts like a password, but this password is sent in the clear over the WAN/LAN,
in accordance with the SNMP specification.
Use the following commands to change the SNMP community name.
system community <new community name>
save
reboot
Disabling WAN Management
You can allow management of the router on the local LAN, but not over the WAN. If the router has been
configured to use NAT, you can define two servers that do not exist on the LAN side to handle WAN SNMP and
Telnet requests, and thus WAN management of the router cannot occur.
The following example shows how this is done. It assumes there is no computer at 192.168.254.128.
system addServer 192.168.254.128 udp snmp
system addServer 192.168.254.128 tcp telnet
system addServer 192.168.254.128 tcp http
save
reboot