12-02-2013 07:36 AM
I am not experienced with configuring fibre switches so please bear with me. Is there a way I can turn off SSH access to a Brocade DS_300B fibre switch from the GUI?
I go into these switches only now and again to configure zoning for our SAN and am not that familiar with them, so I hoping these is somewhere in the GUI I can do this, however as yet I have not found where this can be done
If it helps it is running Fabric OS 6.1.0c
Thanks in advance
Solved! Go to Solution.
12-02-2013 07:59 AM - edited 12-02-2013 09:05 PM
Yes it is possible by means of configuring the ipfilter.
I believe this to be possible from the webgui if you hit the "advanced" button, however I don't know the exact name anymore of the tab.
Be aware you can lock yourself out of the switch by adjusting the ipfilter.
Make sure you you got the proper serial cable and test the serial connection first, you will need in the event you look yourself out.
Also make sure you clone the default policy, make alterations to your clone and than activate the cloned policy.
That enables a speedy rollback should you need it,it also preserves the deafult policy.
12-02-2013 04:20 PM
See below from the WebTools Admin Guide:
Configuring IP Filtering
Web Tools provides the ability to control what client IP addresses may connect to a switch or fabric.
To set up IP Filtering, perform the following steps.
1. Open the Switch Administration window (in Basic mode) as described in “Opening the Switch
Administration window” on page 31.
2. Click Show Advanced Mode.
3. Select the Security Policies tab.
4. Select IPFilter on the Security Policies menu.
5. Click Create Policy.
The Create IP Filter Policy dialog box displays.
6. Enter a policy name, select a policy type, and then click the Add Rule button.
7. Enter the rule order, rule type, source and destination IP addresses, and then modify the
service or destination port, protocol, and action as necessary.
Both the source and destination IP addresses are needed for the FWD rule type.
Only the source IP address is needed for the INPUT rule type, as the destination IP address
field is disabled.
8. Click OK.
After you create a policy, you can use the following controls on this tab to manage the policies:
• The Edit Policy button lets you select an existing policy and make changes to it.
• The Show Policy button lets you view the details of the policy in a read-only window.
• The Delete Policy button lets you delete a policy.
• The Clone Policy button lets you copy a policy. Use this feature when you want to create
similar policies. After you create a clone, you can edit the policy to make the appropriate
• The Activate Policy button lets you make an existing policy active.
• The Distribute Policy button lets you distribute a policy to various switches.
• The Accepts Distribution check box lets you set the policy to accept or reject distributions.
12-03-2013 04:04 AM
Thanks you very much for your hel p _ I am nearly there.
I have found there is already a defalt_ipv4 filter showing as active. I can show the policy and see that SSH is currently permitted. However the Edit Policy Tab is greyed out at the moment. I don't think it is permissions but I might be wrong?