
Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00): Using an ACL to restrict Telnet access; Using an ACL to restrict SSH access


Multi-Service IronWare Security Configuration Guide, 53-1003035-02, page 7

Chapter 1: Restricting remote access to management functions

Using an ACL to restrict Telnet access

To configure an ACL that restricts Telnet access to the device, enter commands such as the following:

Brocade(config)# access-list 10 deny host 10.157.22.32
Brocade(config)# access-list 10 deny 10.157.23.0 0.0.0.255
Brocade(config)# access-list 10 deny 10.157.24.0 0.0.0.255
Brocade(config)# access-list 10 deny 10.157.25.0/24
Brocade(config)# access-list 10 permit any
Brocade(config)# telnet access-group 10
Brocade(config)# write memory

The commands configure ACL 10, then apply it as the access list for Telnet access. The device allows Telnet access from all IP addresses except those listed in ACL 10.

Syntax: [no] telnet access-group {num | name | ipv6 ipv6-acl-name}

Use the ipv6 parameter if you are applying an IPv6 access list.

The num variable specifies the number of a standard IPv4 ACL, 1 – 99.

The name variable specifies the standard IPv4 access list name.

The ipv6-acl-name variable specifies the IPv6 access list name.

NOTE

ACLs for Telnet sessions will be applied only to inbound sessions.

To configure a more restrictive ACL, create permit entries and omit the permit any entry at the end of the ACL.

Example

Brocade(config)# access-list 10 permit host 10.157.22.32
Brocade(config)# access-list 10 permit 10.157.23.0 0.0.0.255
Brocade(config)# access-list 10 permit 10.157.24.0 0.0.0.255
Brocade(config)# access-list 10 permit 10.157.25.0/24
Brocade(config)# telnet access-group 10
Brocade(config)# write memory

The ACL in the example permits Telnet access only from the IPv4 addresses in the permit entries and denies Telnet access from all other IP addresses.

Using an ACL to restrict SSH access

To configure an ACL that restricts SSH access to the device, enter commands such as the following:

Brocade(config)# access-list 12 deny host 10.157.22.98
Brocade(config)# access-list 12 deny 10.157.23.0 0.0.0.255
Brocade(config)# access-list 12 deny 10.157.24.0/24
Brocade(config)# access-list 12 permit any
Brocade(config)# ssh access-group 12
Brocade(config)# write memory

Syntax: [no] ssh access-group {num | name | ipv6 ipv6-acl-name}

Use the ipv6 parameter if you are applying an IPv6 access list.

The num variable specifies the number of a standard IPv4 ACL, 1 – 99.

The name variable specifies the standard IPv4 access list name.
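The Telnet and SSH examples above rely on three properties of a standard ACL that the page states only implicitly: entries are evaluated top to bottom and the first match wins, a wildcard mask such as 0.0.0.255 covers the same range as /24, and an ACL with no "permit any" ends in an implicit deny (which is why omitting it produces the more restrictive allow-list). The following Python script is an added example, not Brocade's own code or a parser of the real configuration format; it reads the access-list and access-group lines from this page as constructed sample input, evaluates a candidate source address against the bound ACL, and flags entries that can never match because an earlier "any" entry shadows them. The first-match and implicit-deny semantics are assumptions about how the device evaluates standard ACLs, and non-contiguous wildcard masks are deliberately not supported.

```python
import ipaddress
from dataclasses import dataclass

PROMPT = "Brocade(config)#"


@dataclass(frozen=True)
class AclEntry:
    action: str                      # "permit" or "deny"
    network: ipaddress.IPv4Network   # source addresses the entry matches


def _strip_prompt(raw):
    line = raw.strip()
    if line.startswith(PROMPT):
        line = line[len(PROMPT):].strip()
    return line


def _parse_match(tokens):
    """Translate the source-match part of a standard ACL entry into a network."""
    if tokens == ["any"]:
        return ipaddress.IPv4Network("0.0.0.0/0")
    if tokens[0] == "host" and len(tokens) == 2:          # host A.B.C.D
        return ipaddress.IPv4Network(f"{tokens[1]}/32")
    if len(tokens) == 1 and "/" in tokens[0]:             # A.B.C.D/len
        return ipaddress.IPv4Network(tokens[0], strict=False)
    if len(tokens) == 2:                                  # A.B.C.D wildcard
        wild = int(ipaddress.IPv4Address(tokens[1]))
        host_bits = wild.bit_length()
        if wild != (1 << host_bits) - 1:
            raise ValueError("non-contiguous wildcard masks are not supported in this example")
        return ipaddress.IPv4Network((tokens[0], 32 - host_bits), strict=False)
    raise ValueError(f"unrecognised match: {' '.join(tokens)}")


def parse_config(config_lines):
    """Return (acls, bindings): ACL number -> entries, and service -> ACL number."""
    acls, bindings = {}, {}
    for raw in config_lines:
        parts = _strip_prompt(raw).split()
        if len(parts) >= 4 and parts[0] == "access-list":
            num, action = int(parts[1]), parts[2]
            if action not in ("permit", "deny"):
                raise ValueError(f"unknown action in: {raw}")
            acls.setdefault(num, []).append(AclEntry(action, _parse_match(parts[3:])))
        elif len(parts) == 3 and parts[0] in ("telnet", "ssh") and parts[1] == "access-group":
            bindings[parts[0]] = int(parts[2])
    return acls, bindings


def evaluate(entries, source_ip):
    """First matching entry decides; no match falls through to the implicit deny (assumed)."""
    src = ipaddress.IPv4Address(source_ip)
    for entry in entries:
        if src in entry.network:
            return entry.action
    return "deny"


def decide(config_lines, service, source_ip):
    """Decision the device would reach for an inbound telnet/ssh session from source_ip."""
    acls, bindings = parse_config(config_lines)
    if service not in bindings:
        return "permit"          # no access-group bound: management access is not filtered
    return evaluate(acls.get(bindings[service], []), source_ip)


def shadowed_entries(entries):
    """Indexes of entries that can never match because an earlier entry matches everything."""
    for i, entry in enumerate(entries):
        if entry.network.prefixlen == 0:
            return list(range(i + 1, len(entries)))
    return []


# Constructed sample input: the deny-list Telnet ACL from the page, with a trailing entry
# added after "permit any" to show that it is unreachable.
TELNET_BLOCKLIST = [
    f"{PROMPT} access-list 10 deny host 10.157.22.32",
    f"{PROMPT} access-list 10 deny 10.157.23.0 0.0.0.255",
    f"{PROMPT} access-list 10 deny 10.157.24.0 0.0.0.255",
    f"{PROMPT} access-list 10 deny 10.157.25.0/24",
    f"{PROMPT} access-list 10 permit any",
    f"{PROMPT} access-list 10 deny host 10.157.26.9",    # shadowed, never evaluated
    f"{PROMPT} telnet access-group 10",
]

# Constructed sample input: the allow-list variant (no "permit any", so implicit deny).
TELNET_ALLOWLIST = [
    f"{PROMPT} access-list 10 permit host 10.157.22.32",
    f"{PROMPT} access-list 10 permit 10.157.23.0 0.0.0.255",
    f"{PROMPT} access-list 10 permit 10.157.24.0 0.0.0.255",
    f"{PROMPT} access-list 10 permit 10.157.25.0/24",
    f"{PROMPT} telnet access-group 10",
]

if __name__ == "__main__":
    for ip in ("10.157.22.32", "10.157.23.7", "10.157.26.9", "192.0.2.5"):
        print(ip, "blocklist:", decide(TELNET_BLOCKLIST, "telnet", ip),
              "allowlist:", decide(TELNET_ALLOWLIST, "telnet", ip))
    print("shadowed:", shadowed_entries(parse_config(TELNET_BLOCKLIST)[0][10]))
```

Run against the two sample ACLs, the script shows that 10.157.22.32 and the 10.157.23.0/24 hosts are denied by the block list but permitted by the allow list, that an address outside every entry is permitted by the block list and denied by the allow list, and that the entry added after "permit any" is reported as shadowed. A review check of this kind is worth running before "write memory", since a misplaced "permit any" silently widens management access to every source.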