Is there a way to restrict the management to an IP or subnet? I’m not finding it and I would not like to leave these management interfaces open to everything. Specifically, I’m looking at a TX2020RP.
Here’s my understanding of your question.
There is more than one subnet on the switch: VLAN 1 has IP address 10.10.10.1/24, and VLAN 2 has IP address 220.127.116.11/24. The switch can be accessed (SSH/Telnet/web, etc.) via either of the IP addresses. However, you want to block access to the switch on VLAN 2 via 18.104.22.168.
As DaveClelland suggested, you can use an ACL to deny TCP/UDP packets destined to 22.214.171.124. You need to configure the ACL in the Switch Group, and then assign the ACL to the desired ports in the Switch Port page. Unfortunately, there are a couple of issues with ACL configuration, which prevent this solution from working. A workaround is available. Please raise a support ticket, and I can assist you further.
We are working on the issues and will have them resolved shortly.
Any fix for doing this on a TCP port basis?