Technical data

ManualsBrandsBrocade Communications Systems ManualsHome Theater ServerServerIron ADX 12.4.00

111

112

113

114

115

116

117

118

119

120

96 ServerIron ADX Administration Guide

53-1002434-01

Restricting remote access to management functions

Restricting SNMP access to a specific IP address

To allow SNMP access (which includes IronView) to the ServerIron only to the host with IP address

209.157.22.14, enter the following command.

ServerIronADX(config)# snmp-client 209.157.22.14

Syntax: [no] snmp-client <ip-addr>

Restricting all remote management access to a specific IP address

To allow Telnet, Web, and SNMP management access to the ServerIron only to the host with IP

address 209.157.22.69, you can enter three separate commands (one for each access type) or you

can enter the following command.

ServerIronADX(config)# all-client 209.157.22.69

Syntax: [no] all-client <ip-addr>

Restricting remote access to the device to specific VLAN IDs

You can restrict management access to a ServerIron to ports within a specific port-based VLAN.

VLAN-based access control applies to the following access methods:

• Telnet access

• Web management access

• SNMP access

• TFTP access

By default, access is allowed for all the methods listed above on all ports. Once you configure

security for a given access method based on VLAN ID, access to the device using that method is

restricted to only the ports within the specified VLAN.

VLAN-based access control works in conjunction with other access control methods. For example,

suppose you configure an ACL to permit Telnet access only to specific client IP addresses, and you

also configure VLAN-based access control for Telnet access. In this case, the only Telnet clients

that can access the device are clients that have one of the IP addresses permitted by the ACL and

are connected to a port that is in a permitted VLAN. Clients who have a permitted IP address but

are connected to a port in a VLAN that is not permitted still cannot access the device through

Telnet.

Restricting Telnet access to a specific VLAN

To allow Telnet access only to clients in a specific VLAN, enter a command such as the following.

ServerIronADX(config)# telnet server enable vlan 10

The command in this example configures the device to allow Telnet management access only to

clients connected to ports within port-based VLAN 10. Clients connected to ports that are not in

VLAN 10 are denied management access.

Syntax: [no] telnet server enable vlan <vlan-id>