Welcome to Dell Technologies Connectrix Brocade B-Series - How to Series. How to block, disable, or deny HTTP access to a Brocade switch.
Reference Dell Knowledge Article Number 192275.

This video was created to demonstrate how to block, disable, or deny HTTP access to a Brocade B-Series switch by creating a policy with a rule that denies access by any IP using HTTP port 80. This can be achieved by using the "ipfilter" command.

This video presents the following: The IP Filter policy is a set of rules that are applied to the IP management interfaces as a packet filtering firewall. The firewall permits or denies the traffic going through the IP management interfaces according to the policy rules.

You can create an IP Filter policy specifying any name and using type IPv4 or IPv6. The policy that is created is stored in a temporary buffer, and is lost if the current command session logs out. The policy name is a unique string composed of a maximum of 20 alphanumeric and underscore characters. The names "default_ipv4" and "default_ipv6" are reserved for the default IP Filter policies. The policy name is case-insensitive and always stored as lower case. The policy type identifies the policy as an IPv4 or IPv6 filter.

When to do this: The security policies in your organization require HTTP access to be disabled.

Before you begin: Refer to the following steps, which create a policy with a rule to deny access by any IP using HTTP port 80, and then save and activate the policy.

Log in to the switch as a user with admin permissions, and run the command "ipfilter --show" to check the current active policy on the switch. Identify the rule number for HTTP. There are two IP Filter policies by default on the switch, and by default all the listed ports are permitted.

Clone the default policies using the command "ipfilter --clone". ipv4_denyhttp is the new policy name. Run the same command for IPv6. Delete the current HTTP rule from the cloned policies. Add a rule to the new policy to deny HTTP access. Save the policies. View the policies, and activate the new policies. Now check the current active policy on the switch. You can see that HTTP access is disabled.

Please review the following important notes: An IP Filter policy consists of a set of rules. Each rule has an index number identifying the rule. In this demo, rule 3 is for HTTP.

On a chassis system, changes to persistent IP Filter policies are automatically synchronized to the standby CP when the changes are saved persistently on the active CP. The standby CP will enforce the filter policies on its management interface after the policies are synchronized with the active CP.

Virtual Fabrics considerations for IP Filter policies: A logical switch cannot have its own separate IP Filter policies. IP Filter policies are treated as a chassis-wide configuration, and are common to all the logical switches in the chassis.

Refer to the following for more information: KB Number 192275; docu83435 - Brocade Fabric OS Administrator's Guide, IP Filter policy; and docu83446 - Brocade Fabric OS Command Reference Guide.
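
The procedure described above, written out as the Fabric OS command sequence by a small script (an added example, not code from the video, Dell, or Brocade). The helper names valid_policy_name and deny_http_plan are hypothetical, the IPv6 policy name ipv6_denyhttp and its rule index are assumptions, and the -from, -rule, -sip, -dp, -proto and -act options are the ipfilter options from the Fabric OS command reference, which the narration does not spell out.

```shell
#!/bin/sh
# Added example, not Dell's or Brocade's code. It only prints the Fabric OS
# commands for review; nothing is sent to a switch.
export LC_ALL=C   # make [a-z] mean ASCII letters only

# valid_policy_name NAME (hypothetical helper)
# Applies the naming rules from the video: at most 20 letters, digits or
# underscores, not a reserved default name. Prints the stored (lower-case) form.
valid_policy_name() {
  name=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  case "$name" in
    ''|*[!a-z0-9_]*) return 1 ;;
    default_ipv4|default_ipv6) return 1 ;;
  esac
  [ "${#name}" -le 20 ] || return 1
  printf '%s\n' "$name"
}

# deny_http_plan NEW_POLICY SOURCE_POLICY HTTP_RULE (hypothetical helper)
# HTTP_RULE is the index that "ipfilter --show" lists for TCP port 80.
deny_http_plan() {
  new=$(valid_policy_name "$1") || { echo "invalid policy name: $1" >&2; return 1; }
  src=$2
  rule=$3
  case "$rule" in
    ''|*[!0-9]*) echo "rule index must be a number: $rule" >&2; return 1 ;;
  esac
  cat <<EOF
ipfilter --clone $new -from $src
ipfilter --delrule $new -rule $rule
ipfilter --addrule $new -rule $rule -sip any -dp 80 -proto tcp -act deny
ipfilter --save $new
ipfilter --show $new
ipfilter --activate $new
ipfilter --show
EOF
}

# Values from the video: policy ipv4_denyhttp, HTTP at rule 3.
deny_http_plan ipv4_denyhttp default_ipv4 3
# Assumed name and index for IPv6; confirm the index in "ipfilter --show".
deny_http_plan ipv6_denyhttp default_ipv6 3
```

The deny rule is added at the same index the permit rule occupied, so the rest of the cloned policy keeps its order.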
Thank you for watching.