Saturday, August 6, 2011

Misc Commands and Notes 2

You can restrict remote management access to a single IP address for the following access methods:

• Telnet access
• Web management access
• SNMP access

Note: You cannot restrict remote management access using the Web Management Interface.

Restrict SSH / Telnet / Web / SNMP access to a single host:

Brocade(config)#web client 209.157.22.26

Brocade(config)#ip ssh client 209.157.22.39

Brocade(config)#telnet client 209.157.22.39

Brocade(config)#snmp-client 209.157.22.14

To restrict access for all of the above methods with ONE command:

Brocade(config)#all-client 209.157.22.69

To configure the idle time for a Telnet session:

Brocade(config)#telnet timeout 120  (0 - 240 min | 0 is default)

Note: The standard for the idle-timeout RADIUS attribute is for it to be implemented in seconds as opposed to the minutes that the Brocade device uses.

Limiting telnet login attempts:

Brocade(config)# telnet login-retries <#> ( 0 - 5 | 4 is default )

Restricting remote access to the device to specific VLANs:

VLAN-based access control applies to the following access methods:

• Telnet access
• Web management access
• SNMP access
• TFTP access

Brocade(config)# telnet server enable vlan 10

Brocade(config)# web-management enable vlan 10

Brocade(config)# snmp-server enable vlan 40

Brocade(config)# tftp client enable vlan 40

Telnet / Web / SNMP access is disabled by default and must be enabled to access the device remotely:

Brocade(config)# telnet-server

Brocade(config)# web-management


Using the web-management command without the http or https option makes web management available for both. The http option specifies that web management is enabled for HTTP access. The https option specifies that web management is enabled for HTTPS access.

Brocade(config)# snmp-server

To set the telnet password:

Brocade(config)# enable telnet password letmein

Misc Commands and Notes

In response to an invalid keyword, the command returned at the cursor includes all valid content up to the point where the error was made.

The CLI deletes only the invalid keyword “proc” and returns to a prompt with the command

Brocade# show 

This will allow the user to continue typing from the point of failure, rather than having to type out the entire command again.
_______________


When creating a LAG name, you can use spaces in a file or subdirectory name if you enclose the name in double quotes.

For example:  “a long subdirectory name”. 

The maximum length for a string is 64 characters.

The following characters are valid in file names:
• All upper and lowercase letters
• All digits

Any of the following special characters are valid:

•$ •% •' •- •_ •@ •~ •` •! •( •) •{ •} •^ •# •&

ACL to Restrict Telnet, SSH and Web access

Brocade(config)# access-list 10 deny 209.157.24.0 0.0.0.255
Brocade(config)# access-list 10 deny 209.157.25.0/24 
Brocade(config)# access-list 10 permit any
Brocade(config)# telnet access-group 10

For SSH and Web access you would create ACLs like the ones just above; these are the commands that apply them:

Brocade(config)# ssh access-group 12

Brocade(config)# web access-group 12

The <num> variable specifies the number of a standard IPv4 ACL, 1 – 99

Note: Use the ipv6 parameter if you are applying an IPv6 access list. 
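
The following Python sketch is an added example, not part of the original post: it evaluates ACL 10 from above against a source address, so you can check offline which hosts the telnet access-group would let through. It assumes first-match evaluation with an implicit deny at the end of the list, and it handles only the two source notations used on this page (wildcard mask and /prefix) plus "any".

```python
import ipaddress

# ACL 10 exactly as entered on this page (prompt stripped).
ACL_10 = """\
access-list 10 deny 209.157.24.0 0.0.0.255
access-list 10 deny 209.157.25.0/24
access-list 10 permit any
"""

def parse_standard_acl(text):
    """Return [(action, base_int, wildcard_int)] for standard IPv4 ACL lines."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list":
            continue  # not an ACL entry
        action, src = tok[2], tok[3]
        if src == "any":
            base, wild = 0, 0xFFFFFFFF
        elif "/" in src:  # prefix notation, e.g. 209.157.25.0/24
            net = ipaddress.ip_network(src, strict=False)
            base, wild = int(net.network_address), int(net.hostmask)
        else:  # address followed by a wildcard mask
            if len(tok) < 5:
                raise ValueError(f"missing wildcard mask: {line!r}")
            base = int(ipaddress.ip_address(src))
            wild = int(ipaddress.ip_address(tok[4]))
        entries.append((action, base, wild))
    return entries

def evaluate(entries, source):
    """First matching entry wins; no match falls through to the implicit deny."""
    ip = int(ipaddress.ip_address(source))
    for action, base, wild in entries:
        # Wildcard bits set to 1 are "don't care"; all other bits must match.
        if ((ip ^ base) & ~wild & 0xFFFFFFFF) == 0:
            return action
    return "deny"  # assumption: implicit deny at the end of every ACL

if __name__ == "__main__":
    acl = parse_standard_acl(ACL_10)
    for src in ("209.157.24.7", "209.157.25.200", "209.157.26.1", "10.0.0.5"):
        print(f"{src:16} -> {evaluate(acl, src)}")
```

Because the list ends in permit any, it blocks only the two named subnets; every other source address is still allowed to reach the Telnet service.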

SNMP -


Brocade(config)# access-list 25 deny 209.157.24.0 0.0.0.255 
Brocade(config)# access-list 25 permit any

Brocade(config)# access-list 30 deny 209.157.26.0/24 
Brocade(config)# access-list 30 permit any

Brocade(config)# snmp-server community public ro 25 
Brocade(config)# snmp-server community private rw 30
_______________

By default, a Brocade device does not time out serial console sessions. 

Brocade(config)# console timeout 120

Possible values: 0 – 240 minutes 

Default value: 0 minutes (no timeout)