Device management security, Allowing sshv2 access to the brocade device, Allowing snmp access to the brocade device – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

The metric parameter specifies the metric (cost) of the gateway. You can specify a value from 1 - 5.
There is no default. The software uses the gateway with the lowest metric.

Device management security

By default, all management access is disabled. Each of the following management access methods
must be specifically enabled as required in your installation:

• SSHv2
• SNMP

The commands for granting access to each of these management interfaces is described in the
following.

Allowing SSHv2 access to the Brocade device

To allow SSHv2 access to the Brocade device, you must generate a Crypto Key as shown in the
following command.

device(config)#crypto key generate

Syntax: crypto key [ generate | zeroize ]

The generate parameter generates a dsa key pair.

The zeroize parameter deletes the currently operative dsa key pair.

In addition, you must use AAA authentication to create a password to allow SSHv2 access. For
example the following command configures AAA authentication to use TACACS+ for authentication as
the default or local if TACACS+ is not available.

device(config)#aaa authentication login default tacacs+ local

Allowing SNMP access to the Brocade device

To allow SNMP access to the Brocade device, enter the following command.

device(config)#snmp-server

Syntax: [no] snmp server

Disabling specific access methods

You can specifically disable the following access methods:

• Telnet access
• SNMP access
• TFTP

NOTE
If you disable Telnet access, you will not be able to access the CLI except through a serial connection
to the management module. If you disable SNMP access, you will not be able to use an SNMP-based
management applications.

Device management security

30

FastIron Ethernet Switch Security Configuration Guide

53-1003088-03