Device management security, Disabling specific access methods, Sshv2 – Brocade TurboIron 24X Series Configuration Guide User Manual


Brocade TurboIron 24X Series Configuration Guide

53-1003053-01

Restricting remote access to management functions

These commands configure port-based VLAN 10 to consist of ports 1 – 4 and to be the designated
management VLAN. The last two commands configure default gateways for the VLAN. Since the
10.10.10.1 gateway has a lower metric, the software uses this gateway. The other gateway remains
in the configuration but is not used. You can use the other one by changing the metrics so that the
10.20.20.1 gateway has the lower metric.

Syntax: [no] default-gateway <ip-addr> <metric>

The <ip-addr> parameter specifies the IP address of the gateway router.

The <metric> parameter specifies the metric (cost) of the gateway. You can specify a value from 1 –
5. There is no default. The software uses the gateway with the lowest metric.

Device management security

By default, all management access is disabled. Each of the following management access methods
must be specifically enabled as required in your installation:

SSHv2

SNMP

The commands for granting access to each of these management interfaces are described in the
following sections.

SSHv2

To allow SSHv2 access to the device, you must generate a crypto key as shown in the following
command.

TurboIron(config)#crypto key generate

Syntax: crypto key [generate | zeroize]

The generate parameter generates a DSA key pair.

The zeroize parameter deletes the currently operative DSA key pair.

In addition, you must use AAA authentication to create a password to allow SSHv2 access. For
example, the following command configures AAA authentication to use TACACS+ as the default
login authentication method, and local authentication if TACACS+ is not available.

TurboIron(config)#aaa authentication login default tacacs+ local

SNMP

To allow SNMP access to the device, enter the following command.

TurboIron(config)#snmp-server

Syntax: [no] snmp-server
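
The following is an added example, not part of the original guide or of any Brocade tooling. It audits configuration text for the settings described above: which default gateway is in use (lowest metric, valid range 1 to 5), whether SNMP access is enabled, and which AAA login methods are configured. The function name, the sample text, and the assumption that commands appear in the text in the forms shown on this page without the CLI prompt are all hypothetical.

```python
import ipaddress

# Constructed sample in the command forms shown on this page (not a device dump).
SAMPLE_CONFIG = """\
default-gateway 10.10.10.1 1
default-gateway 10.20.20.1 2
aaa authentication login default tacacs+ local
snmp-server
"""

def audit_management_config(text):
    """Hypothetical helper: summarize management access from config text."""
    gateways = {}            # ip -> metric
    login_methods = []       # ordered AAA login methods, e.g. ["tacacs+", "local"]
    snmp_enabled = False     # page: all management access is disabled by default
    findings = []
    for raw in text.splitlines():
        words = raw.split()
        negated = words[:1] == ["no"]
        words = words[1:] if negated else words
        if words[:1] == ["default-gateway"] and len(words) == 3:
            ip, metric = words[1], words[2]
            try:
                ipaddress.ip_address(ip)
                metric = int(metric)
            except ValueError:
                findings.append(f"unparseable gateway line: {raw.strip()}")
                continue
            if negated:
                gateways.pop(ip, None)
            elif 1 <= metric <= 5:          # page: metric is a value from 1 to 5
                gateways[ip] = metric
            else:
                findings.append(f"gateway {ip}: metric {metric} outside 1-5")
        elif words == ["snmp-server"]:
            snmp_enabled = not negated      # "no snmp-server" turns access back off
        elif words[:4] == ["aaa", "authentication", "login", "default"] and not negated:
            login_methods = words[4:]
    lowest = min(gateways.values(), default=None)
    candidates = sorted(ip for ip, m in gateways.items() if m == lowest)
    if len(candidates) > 1:                 # tie behaviour is not stated on the page
        findings.append(f"gateways share lowest metric {lowest}: {candidates}")
    if not login_methods:
        findings.append("no AAA login method list; SSHv2 access needs one")
    active = candidates[0] if len(candidates) == 1 else None
    return {"active_gateway": active, "login_methods": login_methods,
            "snmp_enabled": snmp_enabled, "findings": findings}

print(audit_management_config(SAMPLE_CONFIG))
```
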

Disabling specific access methods

You can specifically disable the following access methods:

Telnet access

SNMP access
