Ethernet Fabric (VDX, CNA)

Contributor
Posts: 20
Registered: ‎02-13-2013

VDX6720 and VDX6740 - telnet access

Hi

I use a fabric built from VDX6720 and VDX6740 switches. A few VDXs are doing L3 inter-VLAN routing. All is working just fine, but I need to restrict telnet/ssh access to the switches. How can I apply an access list to restrict telnet/ssh access to the boxes?

 

We are running NOS 4.1.2 and logical-chassis mode.

 

Occasional Contributor
Posts: 15
Registered: ‎10-02-2009

Re: VDX6720 and VDX6740 - telnet access

Default permit any.

Create an ACL and bind it to your management interface:

On a management interface, the default action of "permit any" is inserted at the end of an ACL that has been bound.

To bind an ACL to a management interface, perform the following steps from privileged EXEC mode.

1. Enter the configure terminal command to access global configuration mode.

switch# configure terminal

2. Enter interface management followed by the rbridge-id/port, the IP version, the access-group name for the ACL you want to bind, and the binding direction (ingress or egress).

switch(config)# interface management 1/0
switch(config-Management-1/0)# ip access-group stdACL3 in
switch(config-Management-1/0)# ipv6 access-group stdV6ACL1 in
switch(config-Management-1/0)# exit

 

Ronald
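
The effect of the trailing "permit any" quoted above, as an added example that is not part of the original post and is not Brocade code: a small Python model showing that an ACL holding only permit entries restricts nothing until an explicit deny is added. The entries, sequence numbers and addresses are constructed, and first-match-by-sequence evaluation is an assumption of the model.

```python
import ipaddress

# Constructed standard (source-address-only) ACL entries: (seq, action, source).
# 192.0.2.0/24 stands in for an admin subnet (documentation address range).
PERMIT_ONLY = [
    (10, "permit", "192.0.2.0/24"),
]

# Same ACL with an explicit catch-all deny placed before the implicit permit.
WITH_EXPLICIT_DENY = PERMIT_ONLY + [
    (20, "deny", "0.0.0.0/0"),
]


def evaluate(acl, src, default_action="permit"):
    """Return (action, matching seq) for a source address.

    Assumption: entries are checked in sequence order and the first match wins.
    default_action models the "permit any" that the quoted text says is
    inserted at the end of an ACL bound to a management interface.
    """
    addr = ipaddress.ip_address(src)
    for seq, action, net in sorted(acl, key=lambda entry: entry[0]):
        if addr in ipaddress.ip_network(net):
            return action, seq
    return default_action, None


def falls_through_to_permit(acl):
    """True if some source can reach the implicit permit (no catch-all entry)."""
    return not any(ipaddress.ip_network(net).prefixlen == 0 for _, _, net in acl)


def audit(acl, probes):
    """Map each constructed probe address to the action the ACL would take."""
    return {src: evaluate(acl, src)[0] for src in probes}


if __name__ == "__main__":
    probes = ["192.0.2.15", "198.51.100.7"]  # admin host, unrelated host
    for name, acl in (("permit-only", PERMIT_ONLY),
                      ("explicit-deny", WITH_EXPLICIT_DENY)):
        print(name, audit(acl, probes),
              "falls through:", falls_through_to_permit(acl))
```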

Cae
Occasional Visitor
Posts: 1
Registered: ‎08-09-2014

Re: VDX6720 and VDX6740 - telnet access

Good evening to all

 

You spoke about restricting telnet/ssh access through an access list and applying it on the management interface. And what about when I am managing my VDX6740 and VDX 6710 running NOS 4.1.2a through another interface, for example TenGigabitEthernet rbid/0/1? Is the only way to restrict telnet/ssh access to apply a specific access list on that interface?

 

Best Regards

Cae
