
Brocade FastIron Ethernet Switch Security Configuration Guide: Remote access to management function restrictions, ACL usage to restrict remote access, Using an ACL to restrict Telnet access

Remote access to management function restrictions

You can restrict access to management functions from remote sources, including Telnet and SNMP.
The following methods for restricting remote access are supported:

• Using ACLs to restrict Telnet or SNMP access
• Allowing remote access only from specific IP addresses
• Allowing Telnet and SSH access only from specific MAC addresses
• Allowing remote access only to clients connected to a specific VLAN
• Specifically disabling Telnet or SNMP access to the device

NOTE
Web management is not supported in Release 8.0.00a and later releases. If web management is
enabled, you must configure the no web-management command to disable it.

The following sections describe how to restrict remote access to a Brocade device using these
methods.

ACL usage to restrict remote access

You can use standard ACLs to control the following access methods to management functions on a
Brocade device:

• Telnet
• SSH
• SNMP

To configure access control for these management access methods, do the following.

1. Configure an ACL with the IP addresses you want to allow to access the device.
2. Configure a Telnet access group, SSH access group, and SNMP community strings. Each of these
configuration items accepts an ACL as a parameter. The ACL contains entries that identify the IP
addresses that can use the access method.

The following sections present examples of how to secure management access using ACLs. Refer to
the Rule-Based IP ACLs chapter for more information on configuring ACLs.

Using an ACL to restrict Telnet access

To configure an ACL that restricts Telnet access to the device, enter commands such as the following.

device(config)#access-list 10 deny host 10.157.22.32 log
device(config)#access-list 10 deny 10.157.23.0 0.0.0.255 log
device(config)#access-list 10 deny 10.157.24.0 0.0.0.255 log
device(config)#access-list 10 deny 10.157.25.0/24 log
device(config)#access-list 10 permit any
device(config)#telnet access-group 10
device(config)#write memory

Syntax: telnet access-group num

The num parameter specifies the number of a standard ACL and must be from 1 through 99.

The commands above configure ACL 10, then apply the ACL as the access list for Telnet access. The
device allows Telnet access to all IP addresses except those listed in ACL 10.
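As an added illustration (not part of the Brocade guide and not Brocade code), the following Python script parses access-list lines in the syntax shown above, including the host, wildcard-mask, prefix-length and any forms, and evaluates a source address the way an ACL bound with telnet access-group is applied: top-down, first match wins, and anything unmatched hits the implicit deny at the end of the list. It covers both the two-step procedure (build the ACL, bind it to the access method) and the Telnet example. The two sample configurations (the deny-list from the example above, and an allow-list built from RFC 5737 documentation addresses), the implicit-deny semantics and the assumption that Telnet with no access group bound accepts any source are all constructed for this example.

```python
import ipaddress
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Matches a CLI prompt such as "device(config)#" so that lines copied straight
# from the guide's example can be fed in unchanged.
PROMPT_RE = re.compile(r"^[\w.-]+\(config\)#\s*")


class AclEntry(NamedTuple):
    """One standard-ACL entry: action, matched source network, log flag."""
    action: str
    network: ipaddress.IPv4Network
    log: bool


def parse_source(tokens: List[str]) -> ipaddress.IPv4Network:
    """Parse a standard-ACL source: 'any', 'host A.B.C.D', 'A.B.C.D/len' or 'A.B.C.D wildcard'."""
    if tokens == ["any"]:
        return ipaddress.IPv4Network("0.0.0.0/0")
    if len(tokens) == 2 and tokens[0] == "host":
        return ipaddress.IPv4Network(f"{tokens[1]}/32")
    if len(tokens) == 1 and "/" in tokens[0]:
        return ipaddress.IPv4Network(tokens[0], strict=False)
    if len(tokens) == 2:
        addr, wildcard = tokens
        # A wildcard mask is the inverse of a netmask: 0.0.0.255 means "ignore the low 8 bits".
        wc = int(ipaddress.IPv4Address(wildcard))
        if wc & (wc + 1):  # must be of the form 2^k - 1 (contiguous low bits)
            raise ValueError(f"non-contiguous wildcard mask not supported: {wildcard}")
        prefix_len = 32 - wc.bit_length()
        return ipaddress.IPv4Network(f"{addr}/{prefix_len}", strict=False)
    raise ValueError(f"unrecognised source specification: {' '.join(tokens)}")


def parse_acl_line(line: str) -> Tuple[int, AclEntry]:
    """Parse 'access-list <num> permit|deny <source> [log]' into (ACL number, entry)."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "access-list":
        raise ValueError(f"not an access-list line: {line}")
    acl_num = int(tokens[1])
    if not 1 <= acl_num <= 99:  # standard ACL range stated in the guide
        raise ValueError(f"standard ACL number must be 1 through 99: {acl_num}")
    action = tokens[2]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action: {action}")
    rest = tokens[3:]
    log = rest[-1] == "log"
    if log:
        rest = rest[:-1]
    return acl_num, AclEntry(action, parse_source(rest), log)


def parse_config(text: str) -> Tuple[Dict[int, List[AclEntry]], Optional[int]]:
    """Collect access-list entries in order, plus the ACL bound by 'telnet access-group'."""
    acls: Dict[int, List[AclEntry]] = {}
    telnet_acl: Optional[int] = None
    for raw in text.splitlines():
        line = PROMPT_RE.sub("", raw.strip())
        if line.startswith("access-list "):
            acl_num, entry = parse_acl_line(line)
            acls.setdefault(acl_num, []).append(entry)
        elif line.startswith("telnet access-group "):
            telnet_acl = int(line.split()[2])
    return acls, telnet_acl


def evaluate_acl(entries: List[AclEntry], source_ip: str) -> Tuple[str, bool]:
    """Top-down, first match wins; an unmatched source hits the implicit deny
    (the standard-ACL semantics assumed for this example). Returns (action, logged)."""
    ip = ipaddress.IPv4Address(source_ip)
    for entry in entries:
        if ip in entry.network:
            return entry.action, entry.log
    return "deny", False


def telnet_decision(config_text: str, source_ip: str) -> Tuple[str, bool]:
    """Would a Telnet session from source_ip be accepted under this configuration?"""
    acls, telnet_acl = parse_config(config_text)
    if telnet_acl is None:
        # Assumption for this example: with no access group bound, Telnet accepts any source.
        return "permit", False
    # A bound ACL with no entries leaves only the implicit deny in this model.
    return evaluate_acl(acls.get(telnet_acl, []), source_ip)


# Constructed sample 1: the deny-list from the guide's example (same addresses).
DENYLIST_CONFIG = """\
device(config)#access-list 10 deny host 10.157.22.32 log
device(config)#access-list 10 deny 10.157.23.0 0.0.0.255 log
device(config)#access-list 10 deny 10.157.24.0 0.0.0.255 log
device(config)#access-list 10 deny 10.157.25.0/24 log
device(config)#access-list 10 permit any
device(config)#telnet access-group 10
"""

# Constructed sample 2: an allow-list (RFC 5737 documentation addresses) with no
# 'permit any', so every other source falls through to the implicit deny.
ALLOWLIST_CONFIG = """\
access-list 20 permit host 192.0.2.10 log
access-list 20 permit 198.51.100.0 0.0.0.255
telnet access-group 20
"""

if __name__ == "__main__":
    for name, cfg in (("deny-list", DENYLIST_CONFIG), ("allow-list", ALLOWLIST_CONFIG)):
        for src in ("10.157.22.32", "10.157.25.7", "10.157.26.1", "192.0.2.10", "203.0.113.5"):
            action, logged = telnet_decision(cfg, src)
            print(f"{name}: {src} -> {action}{' (logged)' if logged else ''}")
```

The deny-list shape used in the guide's example ends in permit any, so every address not explicitly listed is accepted; the allow-list shape omits permit any and relies on the implicit deny, which matches the guide's description of an ACL whose entries "identify the IP addresses that can use the access method". Running the script on both configurations shows the difference directly: 10.157.26.1 is permitted by ACL 10 but denied by ACL 20.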

FastIron Ethernet Switch Security Configuration Guide

23

53-1003088-03