Chapter 16, management-policy – Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

53-1003098-01

MANAGEMENT-POLICY

This chapter summarizes management policy commands in the CLI command structure.

A management policy contains configuration elements for managing a device, such as access
control, SNMP, admin user credentials, and roles.

A controller (wireless controller, access point, or service platform) uses mechanisms to allow or
deny device access to separate interfaces and protocols (HTTP, HTTPS, Telnet, SSH or SNMP).
Management access can be enabled or disabled as required for unique policies. The management
access functionality is not meant to function as an ACL (in routers or other firewalls), where
administrators specify and customize specific IPs to access specific interfaces.

Controllers and service platforms can be managed using multiple interfaces (SNMP, CLI and Web
UI). By default, management access is unrestricted, allowing management access to any enabled
IP interface from any host using any enabled management service.

To enhance security, administrators can do the following:

- Restrict SNMP, CLI and Web UI access to specific hosts or subnets.
- Disable unused and insecure interfaces as required within managed access profiles.
  Disabling unused management services can dramatically reduce an attack footprint and free
  resources on managed devices.
- Provide authentication for management users.
- Apply access restrictions and permissions to management users.

Management restrictions can be applied to meet specific policies or industry requirements
requiring only certain devices or users be granted access to critical infrastructure devices.
Management restrictions can also be applied to reduce the attack footprint of the device
when guest services are deployed.

Access Points utilize a single management access policy, so ensure all the intended
administrative roles, permissions, authentication and SNMP settings are correctly set. If
an access point is functioning as a virtual controller AP, these are the access settings used
by adopted access points of the same model as the virtual controller AP.

Brocade recommends disabling unused and insecure interfaces as required within managed
access profiles. Disabling unused management services can dramatically reduce an attack
footprint and free resources on managed devices.

Use the (config) instance to configure a management policy. To navigate to the config management
policy instance, use the following commands:

(config)#management-policy

rfs7000-37FABE(config)#management-policy test

To commit a management-policy, at least one admin user account must always be present in the
management-policy:

rfs7000-37FABE(config-management-policy-test)#user admin password 0 motorolasolutions role superuser access all

rfs7000-37FABE(config-management-policy-test)#
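
The following is an added example, not part of the Brocade guide: a Python check over exported configuration text that flags management-policy user entries of the kind shown above. It assumes password type 0 marks a password stored as typed and that each policy appears as a management-policy line followed by indented user lines; the sample config, the second policy's user, role, access value and hash are constructed.

```python
import re

# Constructed sample: three policies in the form the page's commands would
# produce. Only the first user line is taken from the page.
SAMPLE_CONFIG = """\
management-policy test
 user admin password 0 motorolasolutions role superuser access all
management-policy branch
 user ops password 1 0123456789abcdef0123456789abcdef01234567 role monitor access web
management-policy empty
"""

KNOWN_WEAK = {"motorolasolutions"}  # password printed in the page's example

USER_RE = re.compile(
    r"^\s*user\s+(?P<name>\S+)\s+password\s+(?P<ptype>\d)\s+(?P<secret>\S+)"
    r"\s+role\s+(?P<role>\S+)\s+access\s+(?P<access>.+?)\s*$"
)
POLICY_RE = re.compile(r"^management-policy\s+(?P<name>\S+)\s*$")

def audit(config_text):
    """Return {policy_name: [finding, ...]} for every management-policy block."""
    findings, current, users = {}, None, {}
    for line in config_text.splitlines():
        m = POLICY_RE.match(line)
        if m:
            current = m.group("name")
            findings[current], users[current] = [], 0
            continue
        m = USER_RE.match(line)
        if not (m and current):
            continue
        users[current] += 1
        who = m.group("name")
        # Assumption: type 0 means the password is stored as typed (cleartext).
        if m.group("ptype") == "0":
            findings[current].append(f"{who}: cleartext password in config")
        if m.group("secret") in KNOWN_WEAK:
            findings[current].append(f"{who}: password matches documentation example")
        if m.group("role") == "superuser" and m.group("access").split() == ["all"]:
            findings[current].append(f"{who}: superuser on all interfaces")
    for name, count in users.items():
        if count == 0:  # the page requires an admin user before a policy commits
            findings[name].append("no user account defined")
    return findings

if __name__ == "__main__":
    for policy, items in audit(SAMPLE_CONFIG).items():
        print(policy, "->", items or "no findings")
```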