
Restricting remote access to management functions, Using acls to restrict remote access – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual


Multi-Service IronWare Security Configuration Guide

53-1003035-02


Restricting remote access to management functions

You can restrict access to management functions from remote sources, including Telnet, SSH, the
Web Management Interface, and SNMP. The following methods for restricting remote access are
supported:

Using ACLs to restrict Telnet, SSH, Web Management Interface, or SNMP access.

Allowing remote access only from specific IP addresses.

Allowing remote access only to clients connected to a specific VLAN.

Specifically disabling Telnet, SSH, Web Management Interface, or SNMP access to the device.

Using Management VRF to restrict access from certain physical ports.

NOTE

The Web Management Interface is only supported on the Brocade NetIron XMR and Brocade MLX
series devices.

NOTE

If the display on the front panel of the Web Management Interface is distorted, manually click on the
link to reset the display to normal.

Using ACLs to restrict remote access

You can use ACLs to control the following access methods to management functions on the
Brocade device:

Telnet access

SSH access

Web management access

SNMP access

NOTE

IP ACLs are IP version specific. When both IPv4 and IPv6 ACLs are configured, the IPv4 ACL will be
applied to sessions from IPv4 clients and the IPv6 ACL will be applied to sessions from IPv6 clients.

Follow the steps listed below to configure access control for these management access methods.

1. Configure an ACL with the IP addresses you want to allow to access the device. You can specify
an IPv6 ACL, a numbered standard IPv4 ACL, or a named standard IPv4 ACL.

2. Configure a Telnet access group, SSH access group, web access group, and SNMP community
strings for SNMPv1, SNMPv2c or SNMPv3 user. Each of these configuration items accepts an
ACL as a parameter. The ACL contains entries that identify the IP addresses that can use the
access method.
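
As an added illustration of the two steps above (not taken from the guide), the following Python script audits a saved configuration for the outcome of this procedure: each management access method is bound to an ACL that exists and does not permit any source. The sample configuration is constructed; the command keywords (`access-list`, `telnet access-group`, `ssh access-group`, `web access-group`, `snmp-server community`) are assumed IronWare CLI syntax that does not appear on this page, and only numbered standard IPv4 ACLs are parsed.

```python
import re

# Constructed sample configuration, not from the guide. Command keywords are
# assumed IronWare CLI syntax; confirm them against your software release.
SAMPLE_CONFIG = """\
access-list 10 permit host 192.0.2.10
access-list 10 permit 192.0.2.64 0.0.0.31
access-list 12 permit any
telnet access-group 10
ssh access-group 12
web access-group 11
snmp-server community EXAMPLE-RO ro 10
snmp-server community EXAMPLE-RW rw
"""

ACL = re.compile(r"^access-list (\S+) (permit|deny) (.+)$")
GROUP = re.compile(r"^(telnet|ssh|web) access-group (\S+)$")
SNMP = re.compile(r"^snmp-server community .+? (?:ro|rw)(?: (\S+))?$")
METHODS = ("telnet", "ssh", "web", "snmp")


def audit(config):
    """Return sorted findings about ACL bindings on management access methods."""
    acls, uses, findings = {}, [], []
    for line in map(str.strip, config.splitlines()):
        if m := ACL.match(line):          # step 1: ACL entries
            acls.setdefault(m[1], []).append((m[2], m[3]))
        elif m := GROUP.match(line):      # step 2: access groups
            uses.append((m[1], m[2]))
        elif m := SNMP.match(line):       # step 2: SNMP community, ACL optional
            uses.append(("snmp", m[1]))
    for method in METHODS:
        if not any(name == method for name, _ in uses):
            findings.append(f"{method}: no ACL bound")
    for method, acl in uses:
        if acl is None:
            findings.append(f"{method}: community without ACL")
        elif acl not in acls:
            findings.append(f"{method}: ACL {acl} is not defined")
        elif ("permit", "any") in acls[acl]:
            findings.append(f"{method}: ACL {acl} permits any source")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

A method that has been disabled outright is also reported as "no ACL bound", so read that finding alongside the device's enabled services.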

The following sections present examples of how to secure management access using ACLs. Refer
to the “Access Control List” chapter and “Configuring an IPv6 Access Control List” for more
information on configuring ACLs.

NOTE

ACL filtering for remote management access is done in hardware.