Configuration Guide Manual
Brocade TurboIron 24X Series Configuration Guide 65
53-1003053-01
Restricting remote access to management functions
Restricting remote access to management functions
You can restrict access to management functions from remote sources, including Telnet and SNMP.
The following methods for restricting remote access are supported:
• Using ACLs to restrict Telnet or SNMP access
• Allowing remote access only from specific IP addresses
• Allowing Telnet and SSH access only from specific MAC addresses
• Allowing remote access only to clients connected to a specific VLAN
• Specifically disabling Telnet or SNMP access to the device
The following sections describe how to restrict remote access to a device using these methods.
Using ACLs to restrict remote access
You can use standard ACLs to control the following access methods to management functions on a
device:
• Telnet
• SSH
• SNMP
Consider the following to configure access control for these management access methods.
1. Configure an ACL with the IP addresses you want to allow to access the device.
2. Configure a Telnet access group, SSH access group, Web access group, and SNMP community
strings. Each of these configuration items accepts an ACL as a parameter. The ACL contains
entries that identify the IP addresses that can use the access method.
The following sections present examples of how to secure management access using ACLs. Refer
to Chapter 28, “Configuring Rule-Based IP Access Control Lists” for more information on
configuring ACLs.
Using an ACL to restrict Telnet access
To configure an ACL that restricts Telnet access to the device, enter commands such as the
following.
TFTP access Not secured Allow TFTP access only to clients connected to a
specific VLAN
page 71
Disable TFTP access page 73
TABLE 18 Ways to secure management access to devices (Continued)
Access method How the access
method is secured
by default
Ways to secure the access method See page