Restrict HTTP and SSH access via ACL?

Is there a way to restrict the management to an IP or subnet? I’m not finding it and I would not like to leave these management interfaces open to everything. Specifically, I’m looking at a TX2020RP.


In your switch group configuration in cnMaestro, you can configure an ACL.



Here’s my understanding of your question.

There is more than one subnet on the switch: vlan 1 has ip address, and vlan 2 has ip address The switch can be accessed (ssh/telnet/web etc) via either of the ip addresses. However, you want to block access to the switch on vlan 2 via

As DaveClelland suggested, you can use ACL to deny TCP/UDP packets destined to You need to configure the ACL in the Switch Group, and then assign the ACL to the desired ports in the Switch Port page. Unfortunately, there are a couple of issues with ACL configuration, which prevent this solution from working. A workaround is available. Please raise a support ticket, and I can assist you further.

We are working on the issues and will have them resolved shortly.



Any fix for doing this on a TCP port basis?