Using an acl to restrict telnet access, Using an acl to restrict ssh access – Brocade Communications Systems Brocade ICX 6650 6650 User Manual

Page 24

Advertising
background image

4

Brocade ICX 6650 Security Configuration Guide

53-1002601-01

Remote access to management function restrictions

Consider the following to configure access control for these management access methods.

1. Configure an ACL with the IP addresses you want to allow to access the device.

2. Configure a Telnet access group, SSH access group, and SNMP community strings. Each of

these configuration items accepts an ACL as a parameter. The ACL contains entries that
identify the IP addresses that can use the access method.

The following sections present examples of how to secure management access using ACLs. Refer
to

Chapter 3, “Rule-Based IP ACLs”

for more information on configuring ACLs.

Using an ACL to restrict Telnet access

To configure an ACL that restricts Telnet access to the device, enter commands such as the
following.

Brocade(config)# access-list 10 deny host 10.157.22.32 log
Brocade(config)# access-list 10 deny 10.157.23.0 0.0.0.255 log
Brocade(config)# access-list 10 deny 10.157.24.0 0.0.0.255 log
Brocade(config)# access-list 10 deny 10.157.25.0/24 log
Brocade(config)# access-list 10 permit any
Brocade(config)# telnet access-group 10
Brocade(config)# write memory

Syntax: telnet access-group num

The num parameter specifies the number of a standard ACL and must be from 1–99.

The commands above configure ACL 10, then apply the ACL as the access list for Telnet access.
The device allows Telnet access to all IP addresses except those listed in ACL 10.

To configure a more restrictive ACL, create permit entries and omit the permit any entry at the end
of the ACL.

Example

Brocade(config)# access-list 10 permit host 10.157.22.32
Brocade(config)# access-list 10 permit 10.157.23.0 0.0.0.255
Brocade(config)# access-list 10 permit 10.157.24.0 0.0.0.255
Brocade(config)# access-list 10 permit 10.157.25.0/24
Brocade(config)# telnet access-group 10
Brocade(config)# write memory

The ACL in this example permits Telnet access only to the IP addresses in the permit entries and
denies Telnet access from all other IP addresses.

Using an ACL to restrict SSH access

To configure an ACL that restricts SSH access to the device, enter commands such as the following.

Syntax: ssh access-group num

Brocade(config)# access-list 12 deny host 10.157.22.98 log
Brocade(config)# access-list 12 deny 10.157.23.0 0.0.0.255 log
Brocade(config)# access-list 12 deny 10.157.24.0/24 log
Brocade(config)# access-list 12 permit any
Brocade(config)# ssh access-group 12
Brocade(config)# write memory

Advertising
Popular Brands
Popular manuals