Brocade Communications Systems Brocade ICX 6650 6650 Manuel D’Utilisation
Brocade ICX 6650 Security Configuration Guide
9
53-1002601-01
Remote access to management function restrictions
Specifying the maximum number of login attempts
for Telnet access
for Telnet access
If you are connecting to the Brocade device using Telnet, the device prompts you for a username
and password. By default, you have up to 4 chances to enter a correct username and password. If
you do not enter a correct username or password after 4 attempts, the Brocade device disconnects
the Telnet session.
and password. By default, you have up to 4 chances to enter a correct username and password. If
you do not enter a correct username or password after 4 attempts, the Brocade device disconnects
the Telnet session.
You can specify the number of attempts a Telnet user has to enter a correct username and
password before the device disconnects the Telnet session. For example, to allow a Telnet user up
to 5 chances to enter a correct username and password, enter the following command.
password before the device disconnects the Telnet session. For example, to allow a Telnet user up
to 5 chances to enter a correct username and password, enter the following command.
Brocade(config)# telnet login-retries 5
Syntax: [no] telnet login-retries number
You can specify from 0–5 attempts. The default is 4 attempts.
Changing the login timeout period for Telnet sessions
To change the login timeout period for Telnet sessions to 5 minutes, enter the following command:
Brocade(config)# telnet login-timeout 5
Syntax: [no] telnet login-timeout minutes
For minutes, specify a value from 1–10. The default is 2 minutes.
Restricting remote access to the device to
specific VLAN IDs
specific VLAN IDs
You can restrict management access to a Brocade device to ports within a specific port-based
VLAN. VLAN-based access control applies to the following access methods:
VLAN. VLAN-based access control applies to the following access methods:
•
Telnet access
•
SNMP access
•
TFTP access
By default, access is allowed for all the methods listed above on all ports. After you configure
security for a given access method based on VLAN ID, access to the device using that method is
restricted to only the ports within the specified VLAN.
security for a given access method based on VLAN ID, access to the device using that method is
restricted to only the ports within the specified VLAN.
VLAN-based access control works in conjunction with other access control methods. For example,
suppose you configure an ACL to permit Telnet access only to specific client IP addresses, and you
also configure VLAN-based access control for Telnet access. In this case, the only Telnet clients that
can access the device are clients that have one of the IP addresses permitted by the ACL and are
connected to a port that is in a permitted VLAN. Clients who have a permitted IP address but are
connected to a port in a VLAN that is not permitted still cannot access the device through Telnet.
suppose you configure an ACL to permit Telnet access only to specific client IP addresses, and you
also configure VLAN-based access control for Telnet access. In this case, the only Telnet clients that
can access the device are clients that have one of the IP addresses permitted by the ACL and are
connected to a port that is in a permitted VLAN. Clients who have a permitted IP address but are
connected to a port in a VLAN that is not permitted still cannot access the device through Telnet.
Restricting Telnet access to a specific VLAN
To allow Telnet access only to clients in a specific VLAN, enter a command such as the following.