Configuration Guide User guide

ManualsBrandsBrocade ManualsComputer AccessoriesFastIron

171

172

173

174

175

176

177

178

179

180

FastIron Configuration Guide 121

53-1002494-02

Remote access to management function restrictions

These commands configure port-based VLAN 10 to consist of ports 1/1 – 1/4 and to be the

designated management VLAN. The last two commands configure default gateways for the VLAN.

Since the 10.10.10.1 gateway has a lower metric, the software uses this gateway. The other

gateway remains in the configuration but is not used. You can use the other one by changing the

metrics so that the 20.20.20.1 gateway has the lower metric.

Syntax: [no] default-gateway <ip-addr> <metric>

The <ip-addr> parameters specify the IP address of the gateway router.

The <metric> parameter specifies the metric (cost) of the gateway. You can specify a value from 1 –

5. There is no default. The software uses the gateway with the lowest metric.

Device management security

By default, all management access is disabled. Each of the following management access methods

must be specifically enabled as required in your installation:

• SSHv2

• SNMP

• Web management through HTTP

• Web management through HTTPS

The commands for granting access to each of these management interfaces is described in the

following.

Allowing SSHv2 access to the Brocade device

To allow SSHv2 access to the Brocade device, you must generate a Crypto Key as shown in the

following command.

Brocade(config)#crypto key generate

Syntax: crypto key [generate | zeroize]

The generate parameter generates a dsa key pair.

The zeroize parameter deletes the currently operative dsa key pair.

In addition, you must use AAA authentication to create a password to allow SSHv2 access. For

example the following command configures AAA authentication to use TACACS+ for authentication

as the default or local if TACACS+ is not available.

Brocade(config)#aaa authentication login default tacacs+ local

Allowing SNMP access to the Brocade device

To allow SNMP access to the Brocade device, enter the following command.

Brocade(config)#snmp-server

Syntax: [no] snmp-server

Allowing Web management through HTTP for the Brocade device

To allow web management through HTTP for the Brocade device, you enable web management as

shown in the following command.