04-03-2019 12:56 AM
SAN switch management port access restriction
Hi
I have a question about the SAN switch management port.
The customer is using a Brocade 8Gb SAN switch and wants to restrict management port login for security.
For example:
Switch IP: 10.77.77.77
Customer PCs IP: 10.77.77.1 ~ 77
The customer wants to allow only 3 IPs (10.77.77.1~3) to log in (ssh/telnet) to the management port.
Is it possible by setting a parameter on the switch side?
04-05-2019 05:27 AM
Re: SAN switch management port access restriction
Hello,
It's possible via IP filters. Use the command below to display the current settings.
ipfilter --show
Example:
Name: default_ipv4, Type: ipv4, State: defined
Rule    Source IP    Protocol    Dest Port     Action
1       any          tcp         22            permit
2       any          tcp         23            permit
3       any          tcp         80            permit
4       any          tcp         443           permit
5       any          udp         161           permit
6       any          udp         123           permit
7       any          tcp         600 - 1023    permit
8       any          udp         600 - 1023    permit
If you would like to change something there, you have to clone the current config, adjust the rules, and activate it (the cloned one).
There is more info in the admin guide or directly on the switch via the command:
help ipfilter
Be sure that your serial connection is working, because if you block all IPs via ssh/telnet there will not be many ways to connect to the switches, probably only via the web GUI.
04-07-2019 03:02 AM
Re: SAN switch management port access restriction
The following may help; ipFilter commands from the Brocade Fabric OS command reference:
Step 1: Check current configuration: ipfilter --show
Step 2: Clone current configuration: ipfilter --clone policyname -from src_policyname
Step 3: Modify cloned configuration and save it: ipfilter --save [policyname]
Step 4: Activate new firewall configuration: ipfilter --activate policyname
DESCRIPTION :
Use this command to manage IP filter policies. The ipFilter command and command options are
noninteractive, except when prompting for a confirmation.
The IP filter policy sets up a packet filtering firewall to provide access control on the management IP
interface. The IPv4 and IPv6 policies are either in the defined configuration or in the active configuration.
Excluding the default policies, there can be a maximum of six policies in the defined configuration and
one policy per IPv4 and IPv6 type in the active configuration.
The active policy must be the default policy or one of the policies in the defined configuration. Only the
active policies are enforced. All of the ipFilter options except --show and --transabort, create a
transaction owned by the management session initiating the commands.
I'm an HPE Employee
04-10-2019 02:56 AM
Re: SAN switch management port access restriction
Hello,
With these steps he will not achieve restriction of a particular protocol; only a clone of the rule will be executed.
Modifying the current rules and creating new ones is a must.
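
Added example (not part of any post in this thread, and not HPE or Brocade code): a Python check that parses rule rows in the `ipfilter --show` layout quoted above and reports whether a candidate policy still admits the three admin PCs on ssh/telnet and no other sampled source, so the lockout risk raised in the thread can be checked before `ipfilter --activate`. The candidate rule table and the function names are constructed for illustration, and first-match rule evaluation is an assumption to confirm with `help ipfilter`.

```python
import ipaddress
import re

# One rule row in the `ipfilter --show` layout quoted in the thread.
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(tcp|udp)\s+(\d+)(?:\s*-\s*(\d+))?\s+(permit|deny)\s*$")

def parse_rules(show_output):
    """Return (number, source, proto, low_port, high_port, action) tuples in rule order."""
    rules = []
    for m in filter(None, map(ROW.match, show_output.splitlines())):
        num, src, proto, lo, hi, act = m.groups()
        rules.append((int(num), src, proto, int(lo), int(hi or lo), act))
    return sorted(rules)

def decide(rules, src_ip, proto, port):
    """Action of the first matching rule (first-match order is an assumption).
    None means no listed rule matched; what the switch does then is not modelled."""
    addr = ipaddress.ip_address(src_ip)
    for _, src, rproto, lo, hi, act in rules:
        src_ok = src == "any" or addr in ipaddress.ip_network(src, strict=False)
        if src_ok and rproto == proto and lo <= port <= hi:
            return act
    return None

def lockout_report(rules, admins, others, ports=(22, 23)):
    """Problems to fix before activation: blocked admins, or other hosts still admitted."""
    problems = []
    for port in ports:
        problems += [f"admin {ip} blocked on tcp/{port}" for ip in admins
                     if decide(rules, ip, "tcp", port) != "permit"]
        problems += [f"{ip} still permitted on tcp/{port}" for ip in others
                     if decide(rules, ip, "tcp", port) == "permit"]
    return problems

# Constructed candidate policy (hypothetical rule table, not output from a real switch).
CANDIDATE = """\
1 10.77.77.1 tcp 22 permit
2 10.77.77.2 tcp 22 permit
3 10.77.77.3 tcp 22 permit
4 10.77.77.1 tcp 23 permit
5 10.77.77.2 tcp 23 permit
6 10.77.77.3 tcp 23 permit
7 any tcp 22 deny
8 any tcp 23 deny
"""

if __name__ == "__main__":
    admins = ["10.77.77.1", "10.77.77.2", "10.77.77.3"]
    print(lockout_report(parse_rules(CANDIDATE), admins, ["10.77.77.4", "10.77.77.50"]))
```

An empty list means the sampled admin sources are admitted and the sampled other sources are not; run it against the saved policy's `ipfilter --show` text while the serial console is still available.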