Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual
53-1003099-01
In the following example, a controller has two IP interfaces defined with VLAN10 hosting
management and network services and VLAN70 providing guest services. For security the guest
network is separated from all trusted VLANs by a firewall.

Interface   Description   IP Address   Management
VLAN10      Services      Yes          Yes
VLAN70      Guest         Yes          No

By default, management services are accessible on both VLAN10 and VLAN70, and that’s not
desirable to an administrator. By restricting access to VLAN10, the controller only accepts
management sessions on VLAN10. Management access on VLAN70 is no longer available.
Administrators can secure access to a controller or service platform by disabling less secure
interfaces. By default, the CLI, SNMP and FTP disable interfaces that do not support encryption or
authentication. However, Web management using HTTP is enabled. Insecure management
interfaces such as Telnet, HTTP and SNMP should be disabled, and only secure management
interfaces, like SSH and HTTPS, should be used to access the controller or service platform
managed network.
The following table demonstrates that some interfaces provide better security than others:

Access Type   Encrypted   Authenticated   Default State
Telnet        No          Yes             Disabled
SNMPv2        No          No              Enabled
SNMPv3        Yes         Yes             Enabled
HTTP          No          Yes             Disabled
HTTPS         Yes         Yes             Disabled
FTP           No          Yes             Disabled
SSHv2         Yes         Yes             Disabled

To set an access control configuration for the Management Access policy:
1. Select the Access Control tab from the Management Policy screen.
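One way to verify the result of the restriction and the interface choices described above is to probe each controller IP interface for its TCP management services. This is an added example, not part of the Brocade guide. The function names, the default port numbers and the 192.0.2.x addresses are assumptions made for illustration.

```python
import socket

# Encrypted / authenticated flags are taken from the access-type table.
# TCP ports are the protocol defaults (an assumption: the controller may
# listen elsewhere). SNMP runs over UDP and is not probed here.
SERVICES = {
    "Telnet": (23, False, True),
    "HTTP": (80, False, True),
    "HTTPS": (443, True, True),
    "FTP": (21, False, True),
    "SSHv2": (22, True, True),
}

def is_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(host, management_allowed, services=SERVICES, probe=is_open):
    """Return a list of findings for one controller IP interface.

    management_allowed is False for an interface (such as the guest VLAN)
    on which no management session should be accepted at all.
    """
    findings = []
    for name, (port, encrypted, authenticated) in services.items():
        if not probe(host, port):
            continue  # service not reachable on this interface
        if not management_allowed:
            findings.append(f"{name} reachable on {host}:{port}; "
                            "management access should be restricted here")
        elif not (encrypted and authenticated):
            findings.append(f"{name} enabled on {host}:{port}; "
                            "lacks encryption or authentication")
    return findings

if __name__ == "__main__":
    # Constructed addresses, one per VLAN interface from the example.
    for label, ip, allowed in [("VLAN10", "192.0.2.10", True),
                               ("VLAN70", "192.0.2.70", False)]:
        for finding in audit(ip, allowed) or ["no findings"]:
            print(label, finding)
```

Run it once from a host on each VLAN, since the firewall between the guest and trusted networks changes what is reachable from each side.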