[f-nsp] Brocade VDX6730 inband management ACL
Clement Cavadore
clement at cavadore.net
Fri Feb 26 09:21:02 EST 2016
Hello Youssef,
Thanks for your reply, but I cannot do that (applying it on a Ve --
management interfaces are used for something different), since the VDX
is being used as a router.
Correct me if I'm wrong, but if I apply an ip access group, all the
routed traffic will be impacted by the ACL.
I am just interested in applying such an ACL to the traffic towards the
switches themselves...
Clément
On Fri, 2016-02-26 at 15:15 +0100, Youssef Bengelloun-Zahr wrote:
> Dear Clement,
>
>
> I personally restricted access to the box via an ACL applied directly
> under the interface I'm interested in.
>
>
> For instance, for OOB interface :
>
> interface Management 1/0
> no tcp burstrate
> ip icmp unreachable
> ip icmp echo-reply
> no ip address dhcp
> ip address 10.75.1.21/24
> ip access-group AUTHORIZED-V4-SUBNETS-FOR-MANAGEMENT in <====
> ipv6 icmpv6 unreachable
> ipv6 icmpv6 echo-reply
> no ipv6 address autoconfig
> no ipv6 address dhcp
> !
>
>
> I believe it should be the same for the other interfaces.
>
>
> HTH.
>
>
>
> 2016-02-26 14:54 GMT+01:00 Clement Cavadore <clement at cavadore.net>:
> Hi,
>
> I have a couple of VDX in a fabric which run BGP & so on over public IP
> addresses. They are accessible using SSH on their outband interface, and
> also in inband, and I cannot figure out where we could restrict it to
> some access lists. => I am looking for the equivalent of "telnet/ssh
> access-group XX" in NOS 4.1.x.
>
> Anyone know that ?
>
> Thanks !
> --
> Clément Cavadore
>
> --
> Youssef BENGELLOUN-ZAHR
>