beautypg.com

Using an acl to restrict ssh access, Using an acl to restrict web management access – Brocade BigIron RX Series Configuration Guide User Manual

Page 135

background image

BigIron RX Series Configuration Guide

57

53-1002484-04

Restricting remote access to management functions

3

The ACL in the example permits Telnet access only to the IP addresses in the permit entries and
denies Telnet access from all other IP addresses.

Using an ACL to restrict SSH access

To configure an ACL that restricts SSH access to the device, enter commands such as the following.

Syntax: ssh access-group <num> | <name> | ipv6 <ipv6-access-list-name>

The <num> parameter specifies the number of a standard ACL, 1 – 99.

The <name> parameter specifies the standard access list name.

The ipv6 <ipv6-access-list-name> parameter specifies the IPv6 access list.

These commands configure ACL 12, then apply the ACL as the access list for SSH access. The
device denies SSH access from the IP addresses listed in ACL 12 and permits SSH access from all
other IP addresses. Without the last ACL entry for permitting all packets, this ACL would deny SSH
access from all IP addresses.

NOTE

In this example, the command ssh access-group 10 could have been used to apply the ACL
configured in the example for Telnet access. You can use the same ACL multiple times.

Using an ACL to restrict Web management access

To configure an ACL that restricts Web management access to the device, enter commands such
as the following.

Syntax: web access-group <num> | <name> | ipv6 <ipv6-access-list-name>

The <num> parameter specifies the number of a standard ACL, 1 – 99.

The <name> parameter specifies the standard access list name.

The ipv6 <ipv6-access-list-name> parameter specifies the IPv6 access list.

These commands configure ACL 12, then apply the ACL as the access list for Web management
access. The device denies Web management access from the IP addresses listed in ACL 12 and
permits Web management access from all other IP addresses. Without the last ACL entry for
permitting all packets, this ACL would deny Web management access from all IP addresses.

BigIron RX(config)# access-list 12 deny host 209.157.22.98 log

BigIron RX(config)# access-list 12 deny 209.157.23.0 0.0.0.255 log

BigIron RX(config)# access-list 12 deny 209.157.24.0/24 log

BigIron RX(config)# access-list 12 permit any

BigIron RX(config)# ssh access-group 12

BigIron RX(config)# write memory

BigIron RX(config)# access-list 12 deny host 209.157.22.98 log

BigIron RX(config)# access-list 12 deny 209.157.23.0 0.0.0.255 log

BigIron RX(config)# access-list 12 deny 209.157.24.0/24 log

BigIron RX(config)# access-list 12 permit any

BigIron RX(config)# web access-group 12

BigIron RX(config)# write memory

See also other documents in the category Brocade Computer Accessories: