Defining the console idle time, Using acls to restrict snmp access – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual
Multi-Service IronWare Security Configuration Guide
53-1003035-02
Restricting remote access to management functions
Using ACLs to restrict SNMP access
To restrict SNMP access to the device using ACLs, enter commands such as the following.
Brocade(config)# access-list 25 deny host 10.157.22.98
Brocade(config)# access-list 25 deny 10.157.23.0 0.0.0.255
Brocade(config)# access-list 25 deny 10.157.24.0 0.0.0.255
Brocade(config)# access-list 25 permit any
Brocade(config)# access-list 30 deny 10.157.25.0 0.0.0.255
Brocade(config)# access-list 30 deny 10.157.26.0/24
Brocade(config)# access-list 30 permit any
Brocade(config)# snmp-server community public ro 25
Brocade(config)# snmp-server community private rw 30
Brocade(config)# write memory
NOTE
The syntax for using ACLs for SNMP access is different from the syntax for controlling Telnet, SSH,
and Web management access using ACLs.
These commands configure ACLs 25 and 30, then apply the ACLs to community strings. ACL 25 is
used to control read-only access using the “public” community string. ACL 30 is used to control
read-write access using the “private” community string.
Syntax: [no] snmp-server community string {ro | rw} {standard-acl-name | standard-acl-id | ipv6 ipv6-acl-name}
The string variable specifies the SNMP community string the user must enter to gain SNMP access.
The ro parameter indicates that the community string is for read-only (“get”) access. The rw
parameter indicates the community string is for read-write (“set”) access.
The ipv6 parameter indicates that you are applying an IPv6 access list.
The standard-acl-name or standard-acl-id or ipv6-acl-name variable specifies which ACL will be
used to filter incoming SNMP packets.
The standard-acl-id variable specifies the number of a standard IPv4 ACL, 1 – 99.
The standard-acl-name variable specifies the standard IPv4 access list name.
The ipv6-acl-name variable specifies the IPv6 access list name.
NOTE
When snmp-server community is configured, all incoming SNMP packets are validated first by their
community strings and then by their bound ACLs. Packets are permitted if no filters are configured
for an ACL.
Defining the console idle time
By default, a Brocade device does not time out serial console sessions. A serial session remains
open indefinitely until you close it. You can however define how many minutes a serial management
session can remain idle before it is timed out.
To configure the idle time for a serial console session, use the following command.
Brocade(config)# console timeout 120
Syntax: [no] console timeout value
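The ACL 25 / ACL 30 commands from "Using ACLs to restrict SNMP access", evaluated offline against sample source addresses to show which hosts each community string still admits. This is an added example, not Brocade code: the function names and test addresses are constructed, and first-match evaluation with a deny when no entry matches is an assumption of this model (the page only states that an ACL with no filters permits).

```python
import ipaddress

# The page's example commands with the CLI prompt stripped.
CONFIG = """\
access-list 25 deny host 10.157.22.98
access-list 25 deny 10.157.23.0 0.0.0.255
access-list 25 deny 10.157.24.0 0.0.0.255
access-list 25 permit any
access-list 30 deny 10.157.25.0 0.0.0.255
access-list 30 deny 10.157.26.0/24
access-list 30 permit any
snmp-server community public ro 25
snmp-server community private rw 30
"""

def parse(config):
    """Return (acls, communities) for the command forms shown on the page."""
    acls, communities = {}, {}
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["access-list"]:
            spec = tok[3:]
            if spec == ["any"]:
                net = ipaddress.ip_network("0.0.0.0/0")
            elif spec[0] == "host":
                net = ipaddress.ip_network(spec[1])        # single address, /32
            else:  # "addr wildcard-mask" or "addr/prefix-length"
                net = ipaddress.ip_network("/".join(spec))
            acls.setdefault(tok[1], []).append((tok[2], net))
        elif tok[:2] == ["snmp-server", "community"]:
            communities[tok[2]] = (tok[3], tok[4])         # (ro|rw, ACL id)
    return acls, communities

def snmp_verdict(acls, communities, community, src):
    """Check the community string first, then the ACL bound to it."""
    if community not in communities:
        return ("deny", None)
    mode, acl_id = communities[community]
    rules = acls.get(acl_id, [])
    if not rules:                        # page NOTE: no filters -> permitted
        return ("permit", mode)
    for action, net in rules:            # assumption: first match decides
        if ipaddress.ip_address(src) in net:
            return (action, mode)
    return ("deny", mode)                # assumption: nothing matched -> deny

if __name__ == "__main__":
    acls, communities = parse(CONFIG)
    for name, src in [("public", "10.157.22.98"), ("private", "192.0.2.10")]:
        print(name, src, snmp_verdict(acls, communities, name, src))
```

Because both ACLs end in permit any, every source outside the listed deny entries is admitted, including for the read-write community.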