Device management security, Disabling specific access methods, Sshv2 – Brocade TurboIron 24X Series Configuration Guide User Manual
Page 106: Snmp
72
Brocade TurboIron 24X Series Configuration Guide
53-1003053-01
Restricting remote access to management functions
These commands configure port-based VLAN 10 to consist of ports 1 – 4 and to be the designated
management VLAN. The last two commands configure default gateways for the VLAN. Since the
10.10.10.1 gateway has a lower metric, the software uses this gateway. The other gateway remains
in the configuration but is not used. You can use the other one by changing the metrics so that the
10.20.20.1 gateway has the lower metric.
Syntax: [no] default-gateway
The
The
5. There is no default. The software uses the gateway with the lowest metric.
Device management security
By default, all management access is disabled. Each of the following management access methods
must be specifically enabled as required in your installation:
•
SSHv2
•
SNMP
The commands for granting access to each of these management interfaces is described in the
following.
SSHv2
To allow SSHv2 access to the device, you must generate a Crypto Key as shown in the following
command.
TurboIron(config)#crypto key generate
Syntax: crypto key [generate | zeroize]
The generate parameter generates a dsa key pair.
The zeroize parameter deletes the currently operative dsa key pair.
In addition, you must use AAA authentication to create a password to allow SSHv2 access. For
example the following command configures AAA authentication to use TACACS+ for authentication
as the default or local if TACACS+ is not available.
TurboIron(config)#aaa authentication login default tacacs+ local
SNMP
To allow SNMP access to the device, enter the following command.
TurboIron(config)#snmp-server
Syntax: [no] snmp-server
Disabling specific access methods
You can specifically disable the following access methods:
•
Telnet access
•
SNMP access