Defining the console idle time, Remote access restrictions – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual


The ro parameter indicates that the community string is for read-only ("get") access. The rw parameter
indicates the community string is for read-write ("set") access.

The num parameter specifies the number of a standard ACL and must be from 1 to 99.

These commands configure ACLs 25 and 30, then apply the ACLs to community strings.

ACL 25 is used to control read-only access using the "public" community string. ACL 30 is used to
control read-write access using the "private" community string.

NOTE
When snmp-server community is configured, all incoming SNMP packets are validated first by their
community strings and then by their bound ACLs.

Defining the console idle time

By default, a Brocade device does not time out serial console sessions. A serial session remains open
indefinitely until you close it. You can, however, define how many minutes a serial management session
can remain idle before it is timed out.

NOTE
You must enable AAA support for console commands, AAA authentication, and Exec authorization in
order to set the console idle time.

To configure the idle time for a serial console session, use the following command.

device(config)#console timeout 120

Syntax: [no] console timeout [ 0-240 ]

Possible values: 0 - 240 minutes

Default value: 0 minutes (no timeout)

NOTE
In RADIUS, the standard attribute Idle-Timeout is used to define the console session timeout value. The
attribute Idle-Timeout value is specified in seconds. Within the switch, it is truncated to the nearest
minute, because the switch configuration is defined in minutes.
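
The following audit sketch is an added example, not part of the Brocade guide. It checks a saved configuration for the two settings described above: a console idle time left at 0 and an SNMP community with no ACL bound. The sample configuration, the `snmp-server community <string> ro|rw [<num>]` line layout, and the treatment of a RADIUS Idle-Timeout under 60 seconds as 0 minutes (no timeout) are assumptions.

```python
import re

# Constructed sample configuration (not captured from a real device).
SAMPLE_CONFIG = """\
snmp-server community public ro 25
snmp-server community private rw
console timeout 0
"""

# Assumed line layout: snmp-server community <string> ro|rw [<acl-num>]
SNMP_RE = re.compile(r"snmp-server community \S+ (ro|rw)(?: (\d+))?$")
CONSOLE_RE = re.compile(r"console timeout (\d+)$")


def idle_timeout_minutes(radius_seconds):
    """Convert RADIUS Idle-Timeout (seconds) to whole minutes by truncation."""
    return radius_seconds // 60


def audit(config_text, radius_idle_seconds=None):
    """Return findings for console idle time and SNMP community ACL binding."""
    findings = []
    minutes = 0  # default: 0 minutes (no timeout)
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        line = line.strip()
        snmp = SNMP_RE.match(line)
        console = CONSOLE_RE.match(line)
        if snmp:
            mode, acl = snmp.groups()
            if acl is None:
                findings.append(f"line {lineno}: {mode} community has no ACL bound")
            elif not 1 <= int(acl) <= 99:
                findings.append(f"line {lineno}: ACL {acl} is outside 1-99")
        elif console:
            minutes = int(console.group(1))
    if radius_idle_seconds is not None:
        # Assumption: the truncated RADIUS value is used as the timeout in minutes.
        minutes = idle_timeout_minutes(radius_idle_seconds)
    if minutes == 0:
        findings.append("console sessions never time out (0 minutes)")
    elif minutes > 240:
        findings.append(f"console timeout {minutes} is outside 0-240")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Findings report line numbers rather than the community string itself, so the output can be shared without exposing the string.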

Remote access restrictions

By default, a Brocade device does not control remote management access based on the IP address of
the managing device. You can restrict remote management access to a single IP address for the
following access methods:

• Telnet access
• SSH access
• SNMP access

In addition, you can restrict all access methods to the same IP address using a single command.

The following examples show the CLI commands for restricting remote access. You can specify only
one IP address with each command. However, you can enter each command ten times to specify up to
ten IP addresses.


FastIron Ethernet Switch Security Configuration Guide


53-1003088-03
