Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 5

    Filtering SSH access using ACLs ... 90
    Terminating an active SSH connection ... 90
    Displaying SSH information ... 90
        Displaying SSH connection information ... 91
        Displaying SSH configuration information ... 91
        Displaying additional SSH connection information ... 93
    Secure copy with SSH2 ... 93
        Enabling and disabling SCP ... 93
        Secure copy configuration notes ... 93
        Example file transfers using SCP ... 94
    SSH2 client ... 96
        Enabling SSH2 client ... 97
        Configuring SSH2 client public key authentication ... 97
        Using SSH2 client ... 98
        Displaying SSH2 client information ... 99

Rule-Based IP ACLs ... 101
    Supported Rule-Based IP ACL Features ... 101
    ACL overview ... 103
        Types of IP ACLs ... 104
        ACL IDs and entries ... 104
        Numbered and named ACLs ... 105
        Default ACL action ... 105
    How hardware-based ACLs work ... 106
        How fragmented packets are processed ... 106
        Hardware aging of Layer 4 CAM entries ... 106
    ACL configuration considerations ... 106
    Configuring standard numbered ACLs ... 107
        Standard numbered ACL syntax ... 108
        Configuration example for standard numbered ACLs ... 109
    Standard named ACL configuration ... 109
        Standard named ACL syntax ... 109
        Configuration example for standard named ACLs ... 111
    Extended numbered ACL configuration ... 112
        Extended numbered ACL syntax ... 112
    Extended named ACL configuration ... 118
    Applying egress ACLs to Control (CPU) traffic ... 122
    Preserving user input for ACL TCP/UDP port numbers ... 122
    ACL comment text management ... 123
        Adding a comment to an entry in a numbered ACL ... 123
        Adding a comment to an entry in a named ACL ... 124
        Deleting a comment from an ACL entry ... 124
        Viewing comments in an ACL ... 124
    Applying an ACL to a virtual interface in a protocol- or subnet-based VLAN ... 125
    ACL logging ... 126
        Configuration notes for ACL logging ... 126
        Configuration tasks for ACL logging ... 127
        Example ACL logging configuration ... 127
        Displaying ACL Log Entries ... 128
    Enabling strict control of ACL filtering of fragmented packets ... 128
    Enabling ACL support for switched traffic in the router image ... 129
    Enabling ACL filtering based on VLAN membership or VE port membership ... 130
        Configuration notes for ACL filtering ... 130
        Applying an IPv4 ACL to specific VLAN members on a port (Layer 2 devices only) ... 131

FastIron Ethernet Switch Security Configuration Guide

53-1003088-03