Remote access to management function restrictions

TABLE 2 Ways to secure management access to Brocade devices (Continued)

| Access method | How the access method is secured by default | Ways to secure the access method |
|---|---|---|
| SNMP access | SNMP read or read-write community strings and the password to the Super User privilege level. NOTE: SNMP read or read-write community strings are always required for SNMP access to the device. | Regulate SNMP access using ACLs; Allow SNMP access only from specific IP addresses; Disable SNMP access; Allow SNMP access only to clients connected to a specific VLAN; Establish passwords to management levels of the CLI; Set up local user accounts; Establish SNMP read or read-write community strings |
| TFTP access | Not secured | Allow TFTP access only to clients connected to a specific VLAN; Disable TFTP access |
| Access for Stacked Devices | Access to multiple consoles must be secured after AAA is enabled | Extra steps must be taken to secure multiple consoles in an IronStack. |

Remote access to management function restrictions

You can restrict access to management functions from remote sources, including Telnet and SNMP. The following methods for restricting remote access are supported:

Using ACLs to restrict Telnet or SNMP access

Allowing remote access only from specific IP addresses

Allowing Telnet and SSH access only from specific MAC addresses

Allowing remote access only to clients connected to a specific VLAN

Specifically disabling Telnet or SNMP access to the device

The following sections describe how to restrict remote access to a Brocade device using these methods.

ACL usage to restrict remote access

You can use standard ACLs to control the following access methods to management functions on a Brocade device:

Telnet

SSH

SNMP
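As an added example (not taken from the Brocade guide), the following Python check reads a saved configuration and reports Telnet, SSH and SNMP access that is not bound to a restrictive standard ACL. The command forms it matches (`access-list`, `telnet access-group`, `ssh access-group`, `snmp-server community <string> ro|rw <acl>`) are assumed FastIron-style syntax, and the sample configuration is constructed.

```python
# Added example: audit ACL bindings for Telnet, SSH and SNMP management access.
# Assumption: FastIron-style command syntax; it is not quoted from this page.
# Constructed sample configuration (addresses are from the documentation range).
SAMPLE_CONFIG = """\
access-list 10 permit host 192.0.2.10
access-list 10 deny any
access-list 12 permit any
telnet access-group 10
ssh access-group 12
snmp-server community public ro
snmp-server community private rw 30
"""

def audit_mgmt_acls(config):
    """Return (access method, finding) pairs for weak or missing ACL bindings."""
    acls = {}       # ACL number -> list of (action, source match) entries
    bindings = []   # (access method, bound ACL number or None)
    seen = set()
    for line in config.splitlines():
        tok = line.split()
        if len(tok) >= 4 and tok[0] == "access-list" and tok[1].isdigit():
            acls.setdefault(tok[1], []).append((tok[2], " ".join(tok[3:])))
        elif len(tok) == 3 and tok[0] in ("telnet", "ssh") and tok[1] == "access-group":
            bindings.append((tok[0], tok[2]))
            seen.add(tok[0])
        elif tok[:2] == ["snmp-server", "community"]:
            mode = next((i for i, t in enumerate(tok) if t in ("ro", "rw")), None)
            if mode is not None:
                nxt = tok[mode + 1] if len(tok) > mode + 1 else ""
                # Report the access mode only, never the community string itself.
                bindings.append(("snmp " + tok[mode], nxt if nxt.isdigit() else None))
    # A method with no access-group line is reported as unbound; whether the
    # service is actually enabled on the device is outside this check.
    for method in ("telnet", "ssh"):
        if method not in seen:
            bindings.append((method, None))
    findings = []
    for method, acl in bindings:
        if acl is None:
            findings.append((method, "no ACL bound"))
        elif acl not in acls:
            findings.append((method, f"ACL {acl} is not defined"))
        elif any(a == "permit" and m.startswith("any") for a, m in acls[acl]):
            findings.append((method, f"ACL {acl} permits any source"))
    return findings

if __name__ == "__main__":
    for method, finding in audit_mgmt_acls(SAMPLE_CONFIG):
        print(f"{method}: {finding}")
```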

Brocade ICX 6650 Security Configuration Guide


53-1002601-01

 
