This guide demonstrates how to configure a whitelist for remote management access on the Zyxel CX4800-CF switch. A whitelist limits remote access to specific source IP addresses and services, reducing the risk of unauthorized access attempts from unknown devices or networks.
⚠️ Note: All IP addresses and subnet masks in this article are examples. Replace them with actual values from your environment.
Access the Web GUI
- Log in to the switch's Web GUI using an authorized admin device (e.g., AdministratorPC).
- Navigate to:
Menu > Security > Access Control > Remote Management. - In the configuration screen:
- Specify the IP address range that is allowed to access the switch.
- Select the corresponding management services (e.g., HTTPS, SSH, Telnet, FTP) that each IP or range is permitted to use.
- Click Apply to save the settings.
Example Configuration & Testing
Assume the following configuration:
- Allowed IP Range: 192.168.10.100 – 192.168.10.120
- Services Allowed: All except HTTP
Test Scenarios
-
PC-1 (192.168.10.100):
- If accessing the switch via HTTP → Access is denied
- If accessing via HTTPS (e.g., https://192.168.10.1) → Access is successful
-
PC-2 (192.168.10.200):
- Not in the allowed range → Cannot access or ping the switch’s management IP
-
AdministratorPC (whitelisted):
- Can access the switch using all supported remote management services
Troubleshooting
Common Issues:
Overlapping IP Entries:
- If the same IP (e.g., 192.168.10.120) appears in multiple entries with different service permissions, the logic applied is OR.
→ Result: All service types are allowed for that IP.
Administrator Locked Out:
- If all admin devices are removed from the whitelist, the Web GUI becomes inaccessible.
-
Solution:
- Connect via the Console port (if supported) to review or update the configuration.
- Use CLI to check the whitelist and restore access.
Note: If the Switch does not support Console, please check the manual of your Switch model to find out how to restore the device to factory default settings