beautypg.com

Using an acl to restrict ssh access, Using acls to restrict snmp access – Brocade TurboIron 24X Series Configuration Guide User Manual

Page 100

background image

66

Brocade TurboIron 24X Series Configuration Guide

53-1003053-01

Restricting remote access to management functions

TurboIron(config)#access-list 10 deny host 10.157.22.32 log

TurboIron(config)#access-list 10 deny 10.157.23.0 0.0.0.255 log

TurboIron(config)#access-list 10 deny 10.157.24.0 0.0.0.255 log

TurboIron(config)#access-list 10 deny 10.157.25.0/24 log

TurboIron(config)#access-list 10 permit any

TurboIron(config)#telnet access-group 10

TurboIron(config)#write memory

Syntax: telnet access-group

The parameter specifies the number of a standard ACL and must be from 1 – 99.

The commands above configure ACL 10, then apply the ACL as the access list for Telnet access.
The device allows Telnet access to all IP addresses except those listed in ACL 10.

To configure a more restrictive ACL, create permit entries and omit the permit any entry at the end
of the ACL.

Example

TurboIron(config)#access-list 10 permit host 10.157.22.32

TurboIron(config)#access-list 10 permit 10.157.23.0 0.0.0.255

TurboIron(config)#access-list 10 permit 10.157.24.0 0.0.0.255

TurboIron(config)#access-list 10 permit 10.157.25.0/24

TurboIron(config)#telnet access-group 10

TurboIron(config)#write memory

The ACL in this example permits Telnet access only to the IP addresses in the permit entries and
denies Telnet access from all other IP addresses.

Using an ACL to restrict SSH access

To configure an ACL that restricts SSH access to the device, enter commands such as the following.

Syntax: ssh access-group

The parameter specifies the number of a standard ACL and must be from 1 – 99.

These commands configure ACL 12, then apply the ACL as the access list for SSH access. The
device denies SSH access from the IP addresses listed in ACL 12 and permits SSH access from all
other IP addresses. Without the last ACL entry for permitting all packets, this ACL would deny SSH
access from all IP addresses.

NOTE

In this example, the command ssh access-group 10 could have been used to apply the ACL
configured in the example for Telnet access. You can use the same ACL multiple times.

Using ACLs to restrict SNMP access

To restrict SNMP access to the device using ACLs, enter commands such as the following.

TurboIron(config)#access-list 12 deny host 10.157.22.98 log

TurboIron(config)#access-list 12 deny 10.157.23.0 0.0.0.255 log

TurboIron(config)#access-list 12 deny 10.157.24.0/24 log

TurboIron(config)#access-list 12 permit any

TurboIron(config)#ssh access-group 12

TurboIron(config)#write memory

See also other documents in the category Brocade Computer Accessories: