Restricting snmp access to a specific vlan, Restricting tftp access to a specific vlan – Brocade TurboIron 24X Series Configuration Guide User Manual

Brocade TurboIron 24X Series Configuration Guide

53-1003053-01

Restricting remote access to management functions

Syntax: [no] telnet server enable vlan <vlan-id>

Restricting SNMP access to a specific VLAN

To allow SNMP access only to clients in a specific VLAN, enter a command such as the following.

TurboIron(config)#snmp-server enable vlan 40

The command in this example configures the device to allow SNMP access only to clients
connected to ports within port-based VLAN 40. Clients connected to ports that are not in VLAN 40
are denied access.

Syntax: [no] snmp-server enable vlan <vlan-id>

Restricting TFTP access to a specific VLAN

To allow TFTP access only to clients in a specific VLAN, enter a command such as the following.

TurboIron(config)#tftp client enable vlan 40

The command in this example configures the device to allow TFTP access only to clients connected
to ports within port-based VLAN 40. Clients connected to ports that are not in VLAN 40 are denied
access.

Syntax: [no] tftp client enable vlan <vlan-id>

Designated VLAN for Telnet management sessions to a Layer 2 Switch

By default, the management IP address you configure on a Layer 2 Switch applies globally to all the
ports on the device. This is true even if you divide the device ports into multiple port-based VLANs.

If you want to restrict the IP management address to a specific port-based VLAN, you can make
that VLAN the designated management VLAN for the device. When you configure a VLAN to be the
designated management VLAN, the management IP address you configure on the device is
associated only with the ports in the designated VLAN. To establish a Telnet management session
with the device, a user must access the device through one of the ports in the designated VLAN.

You can also configure up to five default gateways for the designated VLAN, and associate a metric
with each one. The software uses the gateway with the lowest metric. The other gateways remain in
the configuration but are not used. To use one of the other gateways, modify the configuration so
that the gateway you want to use has the lowest metric.

If more than one gateway has the lowest metric, the gateway that appears first in the running-config
is used.

NOTE

If you have already configured a default gateway globally and you do not configure a gateway in the
VLAN, the software uses the globally configured gateway and gives the gateway a metric value of 1.

To configure a designated management VLAN, enter commands such as the following.

TurboIron(config)#vlan 10 by port
TurboIron(config-vlan-10)#untag ethernet 1 to 4
TurboIron(config-vlan-10)#management-vlan
TurboIron(config-vlan-10)#default-gateway 10.10.10.1 1
TurboIron(config-vlan-10)#default-gateway 10.20.20.1 2
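
The following audit script is an added example, not part of the Brocade guide. It reads a saved running-config, reports which VLAN each management service (Telnet, SNMP, TFTP) is restricted to, and works out which gateway the designated management VLAN uses under the lowest-metric, first-listed-wins rule described above. The sample config, the "!" block separator and the function name audit are assumptions made for the example; a globally configured gateway is not handled.

```python
import re

# Constructed sample in running-config style; VLAN ids and addresses are made up.
SAMPLE_CONFIG = """\
vlan 10 by port
 untag ethernet 1 to 4
 management-vlan
 default-gateway 10.10.10.1 2
 default-gateway 10.20.20.1 1
 default-gateway 10.30.30.1 1
!
vlan 40 by port
 untag ethernet 5 to 8
!
telnet server enable vlan 10
snmp-server enable vlan 40
"""

# Per-service restriction commands, taken from the Syntax lines in the guide.
SERVICE_PATTERNS = {
    "telnet": r"telnet server enable vlan (\d+)",
    "snmp": r"snmp-server enable vlan (\d+)",
    "tftp": r"tftp client enable vlan (\d+)",
}

def audit(config):
    """Return (management VLAN, gateway in use, {service: VLAN id or None})."""
    mgmt_vlan, current, gateways = None, None, {}
    services = dict.fromkeys(SERVICE_PATTERNS)    # None = not restricted to a VLAN
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.fullmatch(r"vlan (\d+) by port", line):
            current = int(m.group(1))
        elif line == "!":
            current = None                        # assumed end of a VLAN block
        elif line == "management-vlan" and current is not None:
            mgmt_vlan = current
        elif (m := re.fullmatch(r"default-gateway (\S+) (\d+)", line)) and current is not None:
            gateways.setdefault(current, []).append((m.group(1), int(m.group(2))))
        for name, pattern in SERVICE_PATTERNS.items():
            if m := re.fullmatch(pattern, line):
                services[name] = int(m.group(1))
    candidates = gateways.get(mgmt_vlan, [])
    # min() returns the first of several equal metrics: the one listed first.
    active = min(candidates, key=lambda gw: gw[1])[0] if candidates else None
    return mgmt_vlan, active, services

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

In the sample, TFTP comes back as None, meaning no tftp client enable vlan line was found and TFTP access is not limited to a VLAN.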
