Configuration Guide User guide

ManualsBrandsBrocade ManualsComputer AccessoriesFastIron

171

172

173

174

175

176

177

178

179

180

114 FastIron Configuration Guide

53-1002494-02

Remote access to management function restrictions

Using an ACL to restrict Web management access

To configure an ACL that restricts Web management access to the device, enter commands such

as the following.

Syntax: web access-group <num>

The <num> parameter specifies the number of a standard ACL and must be from 1 – 99.

These commands configure ACL 12, then apply the ACL as the access list for Web management

access. The device denies Web management access from the IP addresses listed in ACL 12 and

permits Web management access from all other IP addresses. Without the last ACL entry for

permitting all packets, this ACL would deny Web management access from all IP addresses.

Using ACLs to restrict SNMP access

To restrict SNMP access to the device using ACLs, enter commands such as the following.

NOTE

The syntax for using ACLs for SNMP access is different from the syntax for controlling Telnet, SSH,

and Web management access using ACLs.

Syntax: snmp-server community <string> ro | rw <num>

The <string> parameter specifies the SNMP community string the user must enter to gain SNMP

access.

The ro parameter indicates that the community string is for read-only (“get”) access. The rw

parameter indicates the community string is for read-write (“set”) access.

The <num> parameter specifies the number of a standard ACL and must be from 1 – 99.

These commands configure ACLs 25 and 30, then apply the ACLs to community strings.

ACL 25 is used to control read-only access using the “public” community string. ACL 30 is used to

control read-write access using the “private” community string.

Brocade(config)#access-list 12 deny host 209.157.22.98 log

Brocade(config)#access-list 12 deny 209.157.23.0 0.0.0.255 log

Brocade(config)#access-list 12 deny 209.157.24.0/24 log

Brocade(config)#access-list 12 permit any

Brocade(config)#web access-group 12

Brocade(config)#write memory

Brocade(config)#access-list 25 deny host 209.157.22.98 log

Brocade(config)#access-list 25 deny 209.157.23.0 0.0.0.255 log

Brocade(config)#access-list 25 deny 209.157.24.0 0.0.0.255 log

Brocade(config)#access-list 25 permit any

Brocade(config)#access-list 30 deny 209.157.25.0 0.0.0.255 log

Brocade(config)#access-list 30 deny 209.157.26.0/24 log

Brocade(config)#access-list 30 permit any

Brocade(config)#snmp-server community public ro 25

Brocade(config)#snmp-server community private rw 30

Brocade(config)#write memory