Resolution
The IP permit list prevents inbound Telnet and Simple Network Management Protocol (SNMP) access to the switch from unauthorized source IP addresses. All other TCP/IP services (such as IP traceroute and IP ping) continue to work normally when you enable the IP permit list. Outbound Telnet, TFTP, and other IP-based services are unaffected by the IP permit list.
Telnet attempts from unauthorized source IP addresses are denied a connection. SNMP requests from unauthorized IP addresses receive no response; the request times out.
To configure an IP permit list, issue the set ip permit ip_address [mask] [telnet | snmp | ssh] command.
To verify the IP permit list configuration, issue the show ip permit command.
This example shows how to add IP addresses to the IP permit list and verify the configuration:
Console> (enable) set ip permit 172.16.0.0 255.255.0.0 telnet
172.16.0.0 with mask 255.255.0.0 added to telnet permit list.
Console> (enable) set ip permit 172.20.52.32 255.255.255.224 snmp
172.20.52.32 with mask 255.255.255.224 added to snmp permit list.
Console> (enable) set ip permit 172.20.52.3 all
172.20.52.3 added to IP permit list.
Console> (enable) show ip permit
Telnet permit list feature enabled.
Snmp permit list feature enabled.
Permit List      Mask             Access Type
---------------- ---------------- -------------
172.16.0.0       255.255.0.0      telnet
172.20.52.3                       snmp telnet
172.20.52.32     255.255.255.224  snmp
Denied IP Address Last Accessed Time Type   Telnet Count SNMP Count
----------------- ------------------ ------ ------------ ----------
172.100.101.104   01/20/97,07:45:20  SNMP   14           1430
172.187.206.222   01/21/97,14:23:05  Telnet 7            236
To enable the IP permit list, issue the set ip permit enable [telnet | snmp | ssh] command.
Before enabling the IP permit list, make sure you add the IP address of your workstation or network management system to the permit list, especially when configuring through SNMP. Failure to do so could result in your connection being dropped by the switch.
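A pre-check for the lockout described above, as an added example (not Cisco's code): it parses the permit-list table from show ip permit output and reports which services would reject a given management station once the list is enabled. The function names and the station addresses used in the checks are assumptions; the sample output is constructed from the example on this page.

```python
import ipaddress

# Constructed sample, based on the `show ip permit` example on this page.
SHOW_IP_PERMIT = """\
Telnet permit list feature enabled.
Snmp permit list feature enabled.
Permit List      Mask             Access Type
---------------- ---------------- -------------
172.16.0.0       255.255.0.0      telnet
172.20.52.3                       snmp telnet
172.20.52.32     255.255.255.224  snmp
Denied IP Address Last Accessed Time Type   Telnet Count SNMP Count
----------------- ------------------ ------ ------------ ----------
172.100.101.104   01/20/97,07:45:20  SNMP   14           1430
"""

def parse_permit_list(text):
    """Return [(IPv4Network, {services})] for each permit-list row."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if fields[:1] == ["Denied"]:
            break  # the denied-hosts table follows; it is not part of the permit list
        try:
            ipaddress.IPv4Address(fields[0])
        except (IndexError, ValueError):
            continue  # blank, header, separator or status line
        rest = fields[1:]
        mask = "255.255.255.255"  # a row without a mask column is a single host
        if rest and rest[0][0].isdigit():
            mask = rest.pop(0)
        # strict=False drops host bits, the same way the clear example on this
        # page reports 172.160.161.0 255.255.192.0 as 172.160.128.0.
        net = ipaddress.ip_network(f"{fields[0]}/{mask}", strict=False)
        entries.append((net, {s.lower() for s in rest}))
    return entries

def is_permitted(entries, source_ip, service):
    """True if source_ip falls inside an entry that lists the service."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net and service in svcs for net, svcs in entries)

def lockout_risk(entries, station_ip, services):
    """Services for which enabling the permit list would reject station_ip."""
    return [s for s in services if not is_permitted(entries, station_ip, s)]
```

An empty result from lockout_risk for the management station and the services about to be enabled means the station is covered; any service it returns needs a set ip permit entry first.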
It is recommended that you disable the IP permit list before clearing IP permit entries or host addresses.
To disable the IP permit list, issue the set ip permit disable [telnet | snmp | ssh] command.
To clear the IP permit list, issue the clear ip permit {ip_address} [mask] [telnet | ssh | snmp | all] command.
This example shows how to clear an IP permit list entry:
Console> (enable) set ip permit disable all
Console> (enable) clear ip permit 172.100.101.102
172.100.101.102 cleared from IP permit list.
Console> (enable) clear ip permit 172.160.161.0 255.255.192.0 snmp
172.160.128.0 with mask 255.255.192.0 cleared from snmp permit list.
Console> (enable) clear ip permit 172.100.101.102 telnet
172.100.101.102 cleared from telnet permit list.
Console> (enable) clear ip permit all
IP permit list cleared.
Console> (enable)
For more information, refer to Configuring the IP Permit List.