[f-nsp] Brocade VDX6730 inband management ACL
Youssef Bengelloun-Zahr
youssef at 720.fr
Fri Feb 26 09:15:54 EST 2016
Dear Clement,
I personnally restricted access to the box via an ACL applied directly
under the interface I'm interested in.
For instance, for OOB interface :
interface Management 1/0
no tcp burstrate
ip icmp unreachable
ip icmp echo-reply
no ip address dhcp
ip address 10.75.1.21/24
ip access-group AUTHORIZED-V4-SUBNETS-FOR-MANAGEMENT in <====
ipv6 icmpv6 unreachable
ipv6 icmpv6 echo-reply
no ipv6 address autoconfig
no ipv6 address dhcp
!
I believe it should be the same for the other interfaces.
HTH.
2016-02-26 14:54 GMT+01:00 Clement Cavadore <clement at cavadore.net>:
> Hi,
>
> I have a couple of VDX in a fabric which run BGP & so on over public IP
> adresses. They are accessible using SSH on their outband interface, and
> also in inband, and I cannot figure out where we could restrict it to
> some access lists. => I am looking for the equivalent of "telnet/ssh
> access-group XX" in NOS 4.1.x.
>
> Anyone know that ?
>
> Thanks !
> --
> Clément Cavadore
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
--
Youssef BENGELLOUN-ZAHR
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/foundry-nsp/attachments/20160226/90f3dafd/attachment.html>
More information about the foundry-nsp
mailing list