Brocade Communications Systems 6650 Switch User Manual


 
Brocade ICX 6650 Security Configuration Guide 3
53-1002601-01
Remote access to management function restrictions
You can restrict access to management functions from remote sources, including Telnet and SNMP.
The following methods for restricting remote access are supported:
Using ACLs to restrict Telnet or SNMP access
Allowing remote access only from specific IP addresses
Allowing Telnet and SSH access only from specific MAC addresses
Allowing remote access only to clients connected to a specific VLAN
Specifically disabling Telnet or SNMP access to the device
The following sections describe how to restrict remote access to a Brocade device using these
methods.
ACL usage to restrict remote access
You can use standard ACLs to control the following access methods to management functions on a
Brocade device:
Telnet
SSH
SNMP
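
The following Python check is an added example, not part of the Brocade guide. It reads a running-config excerpt and reports whether Telnet, SSH and SNMP are each bound to a standard ACL. The sample configuration is constructed, and the command forms it parses (access-list, telnet access-group, ssh access-group, snmp-server community <string> ro|rw <acl>) are assumed FastIron syntax that this page does not show.

```python
import re

# Constructed running-config excerpt (not from the manual). Assumed command forms:
#   access-list <num> permit|deny <source>
#   telnet access-group <num> / ssh access-group <num>
#   snmp-server community <string> ro|rw [<num>]
SAMPLE_CONFIG = """\
access-list 10 permit host 192.0.2.10
access-list 10 permit 192.0.2.64 0.0.0.31
access-list 12 permit any
telnet access-group 10
snmp-server community EXAMPLE-RO ro 12
snmp-server community EXAMPLE-RW rw
"""

ACL_RE = re.compile(r"^access-list (\d+) (permit|deny) (.+)$")
GROUP_RE = re.compile(r"^(telnet|ssh) access-group (\S+)$")
SNMP_RE = re.compile(r"^snmp-server community \S+ (?:ro|rw)(?: (\S+))?$")


def check_acl(ref, acls):
    """Classify one ACL binding (ref is None when no ACL is attached)."""
    if ref is None:
        return "no ACL bound"
    if ref not in acls:
        return f"ACL {ref} not defined"
    # Entry order is not evaluated; any "permit any" entry is flagged.
    if ("permit", "any") in acls[ref]:
        return f"ACL {ref} permits any source"
    return f"restricted by ACL {ref}"


def audit_mgmt_acls(config):
    """Return {method: [finding, ...]} for Telnet, SSH and SNMP."""
    acls, bound = {}, {"telnet": [], "ssh": [], "snmp": []}
    for line in map(str.strip, config.splitlines()):
        if m := ACL_RE.match(line):
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
        elif m := GROUP_RE.match(line):
            bound[m.group(1)].append(m.group(2))
        elif m := SNMP_RE.match(line):
            bound["snmp"].append(m.group(1))  # None when the community has no ACL
    # A method with no binding line at all is reported the same as an unbound one.
    return {method: [check_acl(r, acls) for r in (refs or [None])]
            for method, refs in bound.items()}


if __name__ == "__main__":
    for method, findings in audit_mgmt_acls(SAMPLE_CONFIG).items():
        print(f"{method:7s} {'; '.join(findings)}")
```
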

TABLE 2 Ways to secure management access to Brocade devices (Continued)

Access method: SNMP access
How the access method is secured by default: SNMP read or read-write community strings and the password to the Super User privilege level
  NOTE: SNMP read or read-write community strings are always required for SNMP access to the device.
Ways to secure the access method:
  Regulate SNMP access using ACLs
  Allow SNMP access only from specific IP addresses
  Disable SNMP access
  Allow SNMP access only to clients connected to a specific VLAN
  Establish passwords to management levels of the CLI
  Set up local user accounts
  Establish SNMP read or read-write community strings

Access method: TFTP access
How the access method is secured by default: Not secured
Ways to secure the access method:
  Allow TFTP access only to clients connected to a specific VLAN
  Disable TFTP access

Access method: Access for Stacked Devices
How the access method is secured by default: Access to multiple consoles must be secured after AAA is enabled
Ways to secure the access method:
  Extra steps must be taken to secure multiple consoles in an IronStack.