Configuration Guide User guide

FastIron Configuration Guide 113
53-1002494-02
Remote access to management function restrictions
Using an ACL to restrict Telnet access
To configure an ACL that restricts Telnet access to the device, enter commands such as the
following.
Brocade(config)#access-list 10 deny host 209.157.22.32 log
Brocade(config)#access-list 10 deny 209.157.23.0 0.0.0.255 log
Brocade(config)#access-list 10 deny 209.157.24.0 0.0.0.255 log
Brocade(config)#access-list 10 deny 209.157.25.0/24 log
Brocade(config)#access-list 10 permit any
Brocade(config)#telnet access-group 10
Brocade(config)#write memory
Syntax: telnet access-group <num>
The <num> parameter specifies the number of a standard ACL and must be from 1 – 99.
The commands above configure ACL 10, then apply the ACL as the access list for Telnet access.
The device allows Telnet access to all IP addresses except those listed in ACL 10.
To configure a more restrictive ACL, create permit entries and omit the permit any entry at the end
of the ACL.
Example
Brocade(config)#access-list 10 permit host 209.157.22.32
Brocade(config)#access-list 10 permit 209.157.23.0 0.0.0.255
Brocade(config)#access-list 10 permit 209.157.24.0 0.0.0.255
Brocade(config)#access-list 10 permit 209.157.25.0/24
Brocade(config)#telnet access-group 10
Brocade(config)#write memory
The ACL in this example permits Telnet access only to the IP addresses in the permit entries and
denies Telnet access from all other IP addresses.
Using an ACL to restrict SSH access
To configure an ACL that restricts SSH access to the device, enter commands such as the following.
Syntax: ssh access-group <num>
The <num> parameter specifies the number of a standard ACL and must be from 1 – 99.
These commands configure ACL 12, then apply the ACL as the access list for SSH access. The
device denies SSH access from the IP addresses listed in ACL 12 and permits SSH access from all
other IP addresses. Without the last ACL entry for permitting all packets, this ACL would deny SSH
access from all IP addresses.
NOTE
In this example, the command ssh access-group 10 could have been used to apply the ACL
configured in the example for Telnet access. You can use the same ACL multiple times.
Brocade(config)#access-list 12 deny host 209.157.22.98 log
Brocade(config)#access-list 12 deny 209.157.23.0 0.0.0.255 log
Brocade(config)#access-list 12 deny 209.157.24.0/24 log
Brocade(config)#access-list 12 permit any
Brocade(config)#ssh access-group 12
Brocade(config)#write memory