Securing access methods – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

NOTE
Web management is not supported in Release 8.0.00a and later releases. If web management is
enabled, you must configure the no web-management command to disable it.

NOTE
For all Brocade devices, RADIUS Challenge is supported for 802.1x authentication but not for login
authentication. Also, multiple challenges are supported for TACACS+ login authentication.

Securing access methods

The following table lists the management access methods available on a Brocade device, how they
are secured by default, and the ways in which they can be secured.

Ways to secure management access to Brocade devices

TABLE 2

Access method

How the access method is
secured by default

Ways to secure the
access method

See page

Serial access to the
CLI

Not secured

Establish passwords
for management
privilege levels

Setting passwords for
management privilege
levels

on page 32

Access to the
Privileged EXEC and
CONFIG levels of the
CLI

Not secured

Establish a password
for Telnet access to
the CLI

Setting a Telnet
password

on page 32

Establish passwords
for management
privilege levels

Setting passwords for
management privilege
levels

on page 32

Set up local user
accounts

Local user accounts

on

page 35

Configure TACACS/
TACACS+ security

TACACS and TACACS+
security

on page 42

Configure RADIUS
security

RADIUS security

on page

58

Telnet access

Not secured

Regulate Telnet
access using ACLs

Using an ACL to restrict
Telnet access

on page

23

Allow Telnet access
only from specific IP
addresses

Restricting Telnet access to a
specific IP address

on page 26

Restrict Telnet access
based on a client MAC
address

Restricting access to the device
based on IP orMAC address

on

page 26

Securing access methods

20

FastIron Ethernet Switch Security Configuration Guide

53-1003088-03