Technical data

ManualsBrandsBrocade Communications Systems ManualsHome Theater ServerServerIron ADX 12.4.00

101

102

103

104

105

106

107

108

109

110

94 ServerIron ADX Administration Guide

53-1002434-01

Restricting remote access to management functions

ServerIronADX(config)# access-list 12 deny host 209.157.22.98 log

ServerIronADX(config)# access-list 12 deny 209.157.23.0 0.0.0.255 log

ServerIronADX(config)# access-list 12 deny 209.157.24.0/24 log

ServerIronADX(config)# access-list 12 permit any

ServerIronADX(config)# ssh access-group 12

ServerIronADX(config)# write memory

Syntax: ssh access-group <num>

The <num> parameter specifies the number of a standard ACL and must be from 1 – 99.

These commands configure ACL 12, then apply the ACL as the access list for SSH access. The

device denies SSH access from the IP addresses listed in ACL 12 and permits SSH access from all

other IP addresses. Without the last ACL entry for permitting all packets, this ACL would deny SSH

access from all IP addresses.

NOTE

In this example, the command ssh access-group 10 could have been used to apply the ACL

configured in the example for Telnet access. You can use the same ACL multiple times.

Using an ACL to restrict Web management access

To configure an ACL that restricts Web management access to the device, enter commands such

as the following.

ServerIronADX(config)# access-list 12 deny host 209.157.22.98 log

ServerIronADX(config)# access-list 12 deny 209.157.23.0 0.0.0.255 log

ServerIronADX(config)# access-list 12 deny 209.157.24.0/24 log

ServerIronADX(config)# access-list 12 permit any

ServerIronADX(config)# web access-group 12

ServerIronADX(config)# write memory

Syntax: web access-group <num>

The <num> parameter specifies the number of a standard ACL and must be from 1 – 99.

These commands configure ACL 12, then apply the ACL as the access list for Web management

access. The device denies Web management access from the IP addresses listed in ACL 12 and

permits Web management access from all other IP addresses. Without the last ACL entry for

permitting all packets, this ACL would deny Web management access from all IP addresses.

Using ACLs to restrict SNMP access

To restrict SNMP access to the device using ACLs, enter commands such as the following.

NOTE

The syntax for using ACLs for SNMP access is different from the syntax for controlling Telnet, SSH,

and Web management access using ACLs.

ServerIronADX(config)# access-list 25 deny host 209.157.22.98 log

ServerIronADX(config)# access-list 25 deny 209.157.23.0 0.0.0.255 log

ServerIronADX(config)# access-list 25 deny 209.157.24.0 0.0.0.255 log

ServerIronADX(config)# access-list 30 deny 209.157.25.0 0.0.0.255 log

ServerIronADX(config)# access-list 30 deny 209.157.26.0/24 log

ServerIronADX(config)# access-list 30 permit any

ServerIronADX(config)# snmp-server community public ro 25

ServerIronADX(config)# snmp-server community private rw 30

ServerIronADX(config)# write memory