Setting the access control configuration – Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual


53-1003099-01


6. Select the Administrator Role for the administrator using this profile. Only one role can be assigned.

7. Select the OK button to save the administrator’s configuration. Select Reset to revert to the last saved configuration.

Setting the Access Control Configuration

Adding or Editing a Management Access Policy

Restricting remote access to a controller or service platform ensures only trusted hosts can
communicate with enabled management services. As a result, only trusted hosts can perform
management tasks, and the controller or service platform managed network is protected from
brute force attacks by hosts attempting to break in.

Administrators can permit management connections to be established on any IP interface on the
controller or service platform (including IP interfaces used to provide captive portal guest access).
Administrators can restrict management access by limiting access to a specific host (IP address),
subnet, or ACL on the controller or service platform.

Refer to the Access Control tab to allow/deny management access to the network using
strategically selected protocols (HTTP, HTTPS, Telnet, SSH or SNMP). Access options can be either
enabled or disabled as required. Brocade recommends disabling unused interfaces to close
unnecessary security holes. The Access Control tab is not meant to function as an ACL (in routers or
other firewalls), where you can specify and customize specific IPs to access specific interfaces.

Source hosts - Management access can be restricted to one or more hosts by specifying their IP addresses.

Source subnets - Management access can be restricted to one or more subnets.

IP ACL - Management access can be based on the policies defined in an IP based ACL.
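The following added example (not taken from the Brocade guide or the controller software) models a management access policy so it can be reviewed before it is entered in the Access Control tab. The field names, the sample addresses and the rule that an empty host and subnet list accepts any source are assumptions; the IP ACL option is not modelled.

```python
import ipaddress

# Constructed sample policy. Field names are assumptions for this sketch,
# not the controller's configuration format.
SAMPLE_POLICY = {
    "services": {"HTTP": False, "HTTPS": True, "Telnet": False,
                 "SSH": True, "SNMP": True},
    "source_hosts": ["192.0.2.10"],
    "source_subnets": ["198.51.100.0/24"],
}

def source_permitted(policy, src_ip):
    """Assumption: an empty host and subnet list means any source is accepted;
    otherwise the source must match one listed host or subnet."""
    hosts = policy.get("source_hosts", [])
    subnets = policy.get("source_subnets", [])
    if not hosts and not subnets:
        return True
    addr = ipaddress.ip_address(src_ip)
    if any(addr == ipaddress.ip_address(h) for h in hosts):
        return True
    return any(addr in ipaddress.ip_network(s, strict=False) for s in subnets)

def access_allowed(policy, protocol, src_ip):
    """The service toggle is global and the source list covers every enabled
    service, so a permitted host cannot be limited to a single protocol."""
    enabled = policy["services"].get(protocol, False)
    return bool(enabled) and source_permitted(policy, src_ip)

def audit(policy):
    """Return review findings for a policy before it is applied."""
    findings = []
    enabled = sorted(p for p, on in policy["services"].items() if on)
    for proto in enabled:
        if proto in ("HTTP", "Telnet"):
            findings.append(f"{proto} enabled: traffic is not encrypted")
    if not policy.get("source_hosts") and not policy.get("source_subnets"):
        findings.append("no source restriction: " + ", ".join(enabled)
                        + " reachable from any host")
    for s in policy.get("source_subnets", []):
        net = ipaddress.ip_network(s, strict=False)
        if net.prefixlen == 0:
            findings.append(f"subnet {s} matches every address")
        elif str(net) != s:
            findings.append(f"subnet {s} has host bits set; network is {net}")
    return findings
```
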

Superuser - Select this option to assign complete administrative rights to the user. This entails all the roles listed for all the other administrative roles.

System - The System role provides permissions to configure general settings like NTP, boot parameters, licenses, perform image upgrades, auto install, manager redundancy/clustering and control access.

Network - The Network role provides privileges to configure all wired and wireless parameters like IP configuration, VLANs, L2/L3 security, WLANs, radios, and captive portal.

Security - Select Security to set the administrative rights for a security administrator allowing configuration of all security parameters.

Monitor - Select Monitor to assign permissions without any administrative rights. The Monitor option provides read-only permissions.

Help Desk - Assign this role to someone who typically troubleshoots and debugs problems reported by the customer. The Help Desk manager typically runs troubleshooting utilities (like a sniffer), executes service commands, views/retrieves logs and reboots the controller or service platform. However, Help Desk personnel are not allowed to conduct controller or service platform reloads.

Web User - Select Web User to assign the administrator privileges needed to add users for authentication.
