66 BigIron RX Series Configuration Guide53-1002253-01Restricting remote access to management functions4 Configuring hardware-based remote access filtering on the deviceThe following is an example of configuring device to perform hardware filtering for Telnet access.BigIron RX(config)# vlan 3 by portBigIron RX(config-vlan-3)# untagged ethe 3/1 to 3/5BigIron RX(config-vlan-3)# router-interface ve 3BigIron RX(config-vlan-3)# exitBigIron RX(config)# interface ve 3BigIron RX(config-ve-1)# ip address 10.10.11.1 255.255.255.0BigIron RX(config-ve-1)# exitBigIron RX(config)# access-list 10 permit host 10.10.11.254BigIron RX(config)# access-list 10 permit host 192.168.2.254BigIron RX(config)# access-list 10 permit host 192.168.12.254BigIron RX(config)# access-list 10 permit host 192.64.22.254BigIron RX(config)# access-list 10 deny anyBigIron RX(config)# telnet access-group 10 vlan 3BigIron RX(config)# ssh access-group 10 vlan 3BigIron RX(config)# web access-group 10 vlan 3BigIron RX(config)# snmp-server community private rw 10 vlan 3In this example, a Layer 3 VLAN is configured as a remote-access management VLAN and a routerinterface. The IP address specified for the router interface becomes the management IP addressof the VLAN.Restricting remote access to the device to specificIP addressesBy default, a device does not control remote management access based on the IP address of themanaging device. You can restrict remote management access to a single IP address for thefollowing access methods.• Telnet access• Web Management access• SNMP accessIn addition, if you want to restrict all three access methods to the same IP address, you can do sousing a single command.The following examples show the CLI commands for restricting remote access. You can specify onlyone IP address with each command. However, you can enter each command ten times to specifyup to ten IP addresses.NOTEYou cannot restrict remote management access using the Web management interface.Restricting Telnet access to a specific IP addressTo allow Telnet access to the device only to the host with IP address 209.157.22.39, enter thefollowing command.BigIron RX(config)# telnet client 209.157.22.39Syntax: [no] telnet client | ipv6