Remote access to management function restrictions, Acl usage to restrict remote access – Brocade Communications Systems Brocade ICX 6650 6650 User Manual

Brocade ICX 6650 Security Configuration Guide
53-1002601-01
Remote access to management function restrictions
You can restrict access to management functions from remote sources, including Telnet and SNMP.
The following methods for restricting remote access are supported:
• Using ACLs to restrict Telnet or SNMP access
• Allowing remote access only from specific IP addresses
• Allowing Telnet and SSH access only from specific MAC addresses
• Allowing remote access only to clients connected to a specific VLAN
• Specifically disabling Telnet or SNMP access to the device
The following sections describe how to restrict remote access to a Brocade device using these
methods.
ACL usage to restrict remote access
You can use standard ACLs to control the following access methods to management functions on a
Brocade device:
• Telnet
• SSH
• SNMP
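
The following is an added example, not part of the Brocade manual: a small Python audit that reads a saved configuration and reports which of the three access methods above are not restricted by a standard ACL, or are bound to an ACL that needs review. The sample configuration is constructed, and the command forms it parses (access-list, telnet/ssh access-group, snmp-server community with a trailing ACL number) are FastIron-style syntax assumed here because this page does not show the commands; the 1-99 range for standard ACLs is likewise an assumption.

```python
# Constructed running-config excerpt, not taken from the manual. The command
# forms (access-list, telnet/ssh access-group, snmp-server community with a
# trailing ACL number) are FastIron-style syntax assumed for this example.
SAMPLE_CONFIG = """\
access-list 10 permit host 192.0.2.10
access-list 10 permit 192.0.2.0 0.0.0.255
access-list 12 deny host 198.51.100.7
access-list 12 permit any
telnet access-group 10
ssh access-group 12
snmp-server community EXAMPLE-RO ro 25
snmp-server community EXAMPLE-RW rw
"""


def audit_mgmt_acls(config):
    """Return (service, finding) pairs for Telnet, SSH and SNMP ACL bindings."""
    acls = {}      # ACL id (text) -> list of rule token lists
    bindings = []  # (service label, ACL id as text or None)
    for line in config.splitlines():
        tok = line.split()
        if len(tok) >= 3 and tok[0] == "access-list":
            acls.setdefault(tok[1], []).append(tok[2:])
        elif len(tok) == 3 and tok[0] in ("telnet", "ssh") and tok[1] == "access-group":
            bindings.append((tok[0], tok[2]))
        elif len(tok) >= 4 and tok[:2] == ["snmp-server", "community"]:
            # tok[2] is the community string: label by position, never echo it.
            n = sum(1 for s, _ in bindings if s.startswith("snmp")) + 1
            bindings.append((f"snmp community #{n} ({tok[3]})", tok[4] if len(tok) > 4 else None))
    for svc in ("telnet", "ssh"):
        if not any(s == svc for s, _ in bindings):
            bindings.append((svc, None))  # service has no access-group line

    findings = []
    for svc, acl in bindings:
        if acl is None:
            findings.append((svc, "no ACL bound"))
        elif not (acl.isdigit() and 1 <= int(acl) <= 99):
            findings.append((svc, f"ACL {acl} is not a standard (1-99) ACL"))
        elif acl not in acls:
            findings.append((svc, f"ACL {acl} is bound but not defined"))
        elif any(rule[:2] == ["permit", "any"] for rule in acls[acl]):
            findings.append((svc, f"ACL {acl} permits any source"))
    return findings


if __name__ == "__main__":
    for service, finding in audit_mgmt_acls(SAMPLE_CONFIG):
        print(f"{service}: {finding}")
```

A "permits any source" finding is a prompt for review rather than an error: an ACL that denies a few sources and then permits everything else still leaves the management service reachable from all other addresses.
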

TABLE 2 Ways to secure management access to Brocade devices (Continued)

Access method: SNMP access
How the access method is secured by default: SNMP read or read-write community strings and the password to the Super User privilege level
NOTE: SNMP read or read-write community strings are always required for SNMP access to the device.
Ways to secure the access method:
• Regulate SNMP access using ACLs
• Allow SNMP access only from specific IP addresses
• Disable SNMP access
• Allow SNMP access only to clients connected to a specific VLAN
• Establish passwords to management levels of the CLI
• Set up local user accounts
• Establish SNMP read or read-write community strings

Access method: TFTP access
How the access method is secured by default: Not secured
Ways to secure the access method:
• Allow TFTP access only to clients connected to a specific VLAN
• Disable TFTP access

Access method: Access for Stacked Devices
How the access method is secured by default: Access to multiple consoles must be secured after AAA is enabled
Ways to secure the access method:
• Extra steps must be taken to secure multiple consoles in an IronStack.