Brocade Communications Systems Brocade ICX 6650 User Manual

Brocade ICX 6650 Security Configuration Guide
53-1002601-01
Remote access to management function restrictions
You can restrict access to management functions from remote sources, including Telnet and SNMP. 
The following methods for restricting remote access are supported:
Using ACLs to restrict Telnet or SNMP access
Allowing remote access only from specific IP addresses
Allowing Telnet and SSH access only from specific MAC addresses
Allowing remote access only to clients connected to a specific VLAN
Specifically disabling Telnet or SNMP access to the device
The following sections describe how to restrict remote access to a Brocade device using these 
methods.
ACL usage to restrict remote access 
You can use standard ACLs to control the following access methods to management functions on a 
Brocade device:
Telnet
SSH
SNMP
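
As an added example (not from the Brocade guide), the following audit scans a saved running-config and reports Telnet, SSH and SNMP access that is not limited by a standard ACL. The command forms it parses and the sample configuration are assumptions constructed for illustration; compare them with the output of your own device before relying on the result.

```python
import re

# Constructed running-config excerpt, not taken from the guide. The command forms
# are assumptions (FastIron-style): "access-list N permit|deny ...",
# "telnet access-group N", "ssh access-group N",
# "snmp-server community <string> ro|rw [N]".
SAMPLE_CONFIG = """\
access-list 10 permit host 192.0.2.10
access-list 10 permit 192.0.2.64 0.0.0.63
access-list 11 permit any
telnet access-group 10
ssh access-group 12
snmp-server community ExampleRO ro 10
snmp-server community ExampleRW rw
snmp-server community ExampleOps ro 11
"""

def audit_mgmt_acls(config):
    """Return findings for Telnet, SSH and SNMP access not limited by a standard ACL."""
    acls = {}    # ACL number -> list of rule bodies, e.g. "permit host 192.0.2.10"
    bound = []   # (access method, ACL number or None) in config order
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"access-list (\d+) (.+)$", line):
            acls.setdefault(m[1], []).append(m[2])
        elif m := re.match(r"(telnet|ssh) access-group (\d+)$", line):
            bound.append((m[1], m[2]))
        elif m := re.match(r"snmp-server community \S+ (ro|rw)(?: (\d+))?$", line):
            # Report the access level only; never echo the community string.
            bound.append((f"snmp {m[1]} community", m[2]))
    findings = []
    configured = {method for method, _ in bound}
    for method in ("telnet", "ssh"):
        if method not in configured:
            findings.append(f"{method}: no access-group configured")
    for method, acl in bound:
        if acl is None:
            findings.append(f"{method}: no ACL bound")
        elif acl not in acls:
            findings.append(f"{method}: ACL {acl} is not defined")
        elif any(rule.startswith("permit any") for rule in acls[acl]):
            findings.append(f"{method}: ACL {acl} permits any source")
    return findings

if __name__ == "__main__":
    for finding in audit_mgmt_acls(SAMPLE_CONFIG):
        print(finding)
```

A device with Telnet disabled outright will still be reported as having no Telnet access-group, so read that finding together with the device's service settings.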

TABLE 2 Ways to secure management access to Brocade devices (Continued)

| Access method | How the access method is secured by default | Ways to secure the access method |
|---|---|---|
| SNMP access | SNMP read or read-write community strings and the password to the Super User privilege level. NOTE: SNMP read or read-write community strings are always required for SNMP access to the device. | Regulate SNMP access using ACLs; Allow SNMP access only from specific IP addresses; Disable SNMP access; Allow SNMP access only to clients connected to a specific VLAN; Establish passwords to management levels of the CLI; Set up local user accounts; Establish SNMP read or read-write community strings |
| TFTP access | Not secured | Allow TFTP access only to clients connected to a specific VLAN; Disable TFTP access |
| Access for Stacked Devices | Access to multiple consoles must be secured after AAA is enabled | Extra steps must be taken to secure multiple consoles in an IronStack. |