Technical data

ManualsBrandsBrocade Communications Systems ManualsHome Theater ServerServerIron ADX 12.4.00

101

102

103

104

105

106

107

108

109

110

ServerIron ADX Administration Guide 93

53-1002434-01

Restricting remote access to management functions

Using ACLs to restrict remote access

You can use standard ACLs to control the following access methods to management functions on a

ServerIron:

• Telnet access

• SSH access

• Web management access

• SNMP access

To configure access control for these management access methods.

1. Configure an ACL with the IP addresses you want to allow to access the device

2. Configure a Telnet access group, SSH access group, web access group, and SNMP community

strings. Each of these configuration items accepts an ACL as a parameter. The ACL contains

entries that identify the IP addresses that can use the access method.

The following sections present examples of how to secure management access using ACLs.

Using an ACL to restrict Telnet access

To configure an ACL that restricts Telnet access to the device, enter commands such as the

following.

ServerIronADX(config)# access-list 10 deny host 209.157.22.32 log

ServerIronADX(config)# access-list 10 deny 209.157.23.0 0.0.0.255 log

ServerIronADX(config)# access-list 10 deny 209.157.24.0 0.0.0.255 log

ServerIronADX(config)# access-list 10 deny 209.157.25.0/24 log

ServerIronADX(config)# access-list 10 permit any

ServerIronADX(config)# telnet access-group 10

ServerIronADX(config)# write memory

Syntax: telnet access-group <num>

The <num> parameter specifies the number of a standard ACL and must be from 1 – 99.

The commands above configure ACL 10, then apply the ACL as the access list for Telnet access.

The device allows Telnet access to all IP addresses except those listed in ACL 10.

To configure a more restrictive ACL, create permit entries and omit the permit any entry at the end

of the ACL.

Example

ServerIronADX(config)# access-list 10 permit host 209.157.22.32

ServerIronADX(config)# access-list 10 permit 209.157.23.0 0.0.0.255

ServerIronADX(config)# access-list 10 permit 209.157.24.0 0.0.0.255

ServerIronADX(config)# access-list 10 permit 209.157.25.0/24

ServerIronADX(config)# telnet access-group 10

ServerIronADX(config)# write memory

The ACL in this example permits Telnet access only to the IP addresses in the permit entries and

denies Telnet access from all other IP addresses.

Using an ACL to restrict SSH access

To configure an ACL that restricts SSH access to the device, enter commands such as the following.