beautypg.com

Using acls to restrict remote access, Using an acl to restrict telnet access – Brocade BigIron RX Series Configuration Guide User Manual

Page 134

background image

56

BigIron RX Series Configuration Guide

53-1002484-04

Restricting remote access to management functions

3

Specifically disabling Telnet, Web management interface, or SNMP access to the device

Using ACLs to restrict remote access

You can use standard ACLs to control the following access methods to management functions on
the device:

Telnet access

SSH access

Web management access

SNMP access

To configure access control for these management access methods.

1. Configure an ACL with the IP addresses you want to allow to access the device

2. Configure a Telnet access group, SSH access group, web access group, and SNMP community

strings. Each of these configuration items accepts an ACL as a parameter. The ACL contains
entries that identify the IP addresses that can use the access method.

The following sections present examples of how to secure management access using ACLs.

NOTE

ACL filtering for remote management access is done in hardware.

Using an ACL to restrict Telnet access

To configure an ACL that restricts Telnet access to the device, enter commands such as the
following.

BigIron RX(config)# access-list 10 deny host 209.157.22.32 log

BigIron RX(config)# access-list 10 deny 209.157.23.0 0.0.0.255 log

BigIron RX(config)# access-list 10 deny 209.157.24.0 0.0.0.255 log

BigIron RX(config)# access-list 10 deny 209.157.25.0/24 log

BigIron RX(config)# access-list 10 permit any

BigIron RX(config)# telnet access-group 10

BigIron RX(config)# write memory

The commands configure ACL 10, then apply it as the access list for Telnet access. The device
allows Telnet access to all IP addresses except those listed in ACL 10.

Syntax: telnet access-group <num> | <name> | ipv6 <ipv6-access-list-name>

The <num> parameter specifies the number of a standard ACL, 1 – 99.

The <name> parameter specifies the standard access list name.

The ipv6 <ipv6-access-list-name> parameter specifies the IPv6 access list.

To configure a more restrictive ACL, create permit entries and omit the permit any entry at the end
of the ACL. For example.

BigIron RX(config)# access-list 10 permit host 209.157.22.32

BigIron RX(config)# access-list 10 permit 209.157.23.0 0.0.0.255

BigIron RX(config)# access-list 10 permit 209.157.24.0 0.0.0.255

BigIron RX(config)# access-list 10 permit 209.157.25.0/24

BigIron RX(config)# telnet access-group 10

BigIron RX(config)# write memory

See also other documents in the category Brocade Computer Accessories: