Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual
53-1003098-01
• Access Points — Brocade Mobility 650 Access Point, Brocade Mobility 6511 Access Point, Brocade Mobility 1220 Access Point, Brocade Mobility 71XX Access Point, Brocade Mobility 1240 Access Point
• Wireless Controllers — Brocade Mobility RFS4000, Brocade Mobility RFS6000, Brocade Mobility RFS7000
• Service Platforms — Brocade Mobility RFS9510
Syntax:
restrict-access [host|ip-access-list|subnet]
restrict-access host <IP> {<IP>|log|subnet}
restrict-access host <IP> {<IP>|log [all|denied-only]}
restrict-access host <IP> {subnet <IP/M> {<IP/M>|log [all|denied-only]}}
restrict-access ip-access-list <IP-ACCESS-LIST-NAME>
restrict-access subnet <IP/M> {<IP/M>|host|log}
restrict-access subnet <IP/M> {<IP/M>|log [all|denied-only]}
restrict-access subnet <IP/M> {host <IP> {log [all|denied-only]}}
Parameters

restrict-access host <IP> {<IP>|log [all|denied-only]}
host <IP> – Restricts management access to a specified host. Filters access requests based on a host’s IP address.
• <IP> – Specify the host’s IP address.
<IP> – Optional. Use this option to add multiple hosts, if required, to the restrict access list.
log [all|denied-only] – Optional. Configures a logging policy for access requests. Sets the log type generated for access requests.
• all – Logs all access requests, both denied and permitted
• denied-only – Logs only denied access (when an access request is received from a host denied access, a record is logged)

restrict-access host <IP> {subnet <IP/M> {<IP/M>|log [all|denied-only]}}
host <IP> – Restricts management access to a specified host. Uses the IP address of a host to filter access requests.
• <IP> – Specify the host’s IP address.
subnet <IP/M> – Optional. Restricts access to the host on a specified subnet. Uses a subnet IP address as a second filter option.
• <IP/M> – Sets the subnet IP address in the A.B.C.D/M format
<IP/M> – Optional. Use this option to add multiple subnets, if required, to the restrict access list.
log [all|denied-only] – Optional. Configures a logging policy for access requests. Sets the log type generated for access requests.
• all – Logs all access requests, both denied and permitted
• denied-only – Logs only denied access (when an access request is received from a host denied access, a record is logged)

restrict-access ip-access-list <IP-ACCESS-LIST-NAME>
ip-access-list – Uses an IP access list to filter access requests.
IP based firewalls function like Access Control Lists (ACLs) to filter/mark packets based on the IP from which they arrive, as opposed to filtering packets on layer 2 ports. IP firewalls implement uniquely defined access control policies. To have effective firewalls, you need to have a clear idea of the kind of access to allow or deny. A poorly defined firewall is of little value, and could provide a false sense of network security.
<IP-ACCESS-LIST-NAME> – Sets the access list name
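
The host, subnet and log parameters described above, modeled in Python as an added example (not code from this guide or from Brocade). It assumes a source is permitted when it matches any listed host or subnet and that omitting log means nothing is logged; the function names and addresses are constructed for illustration.

```python
import ipaddress

def parse_restrict_access(line):
    """Parse the host/subnet forms of restrict-access (ip-access-list is rejected)."""
    tokens = line.split()
    if tokens[:1] != ["restrict-access"] or len(tokens) < 3:
        raise ValueError("not a restrict-access command")
    rule = {"hosts": [], "subnets": [], "log": None}
    mode, i = None, 1
    while i < len(tokens):
        tok = tokens[i]
        if tok in ("host", "subnet"):
            mode = tok
        elif tok == "log":
            # log [all|denied-only] is the final element in every syntax form
            if i + 2 != len(tokens) or tokens[i + 1] not in ("all", "denied-only"):
                raise ValueError("expected 'log all' or 'log denied-only' at end")
            rule["log"] = tokens[i + 1]
            break
        elif mode == "host":
            rule["hosts"].append(ipaddress.ip_address(tok))
        elif mode == "subnet":
            if "/" not in tok:
                raise ValueError("subnet must be in A.B.C.D/M format: " + tok)
            rule["subnets"].append(ipaddress.ip_network(tok, strict=False))
        else:
            raise ValueError("unexpected token: " + tok)
        i += 1
    if not rule["hosts"] and not rule["subnets"]:
        raise ValueError("no host or subnet given")
    return rule

def decide(rule, source):
    """Return (permitted, logged) for one management access request."""
    src = ipaddress.ip_address(source)
    # Assumption: matching any listed host or subnet permits the request.
    permitted = src in rule["hosts"] or any(src in net for net in rule["subnets"])
    # Assumption: with no log keyword, nothing is logged.
    logged = rule["log"] == "all" or (rule["log"] == "denied-only" and not permitted)
    return permitted, logged

# Constructed sample command and source addresses (not from the guide).
RULE = parse_restrict_access(
    "restrict-access host 192.0.2.10 subnet 198.51.100.0/24 log denied-only")
for ip in ("192.0.2.10", "198.51.100.77", "203.0.113.5"):
    print(ip, decide(RULE, ip))
```

With denied-only, only the request from 203.0.113.5 produces a log record; switching the command to log all records the permitted requests as well.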