Restrict HTTP and SSH access via ACL?

Is there a way to restrict the management to an IP or subnet? I’m not finding it and I would not like to leave these management interfaces open to everything. Specifically, I’m looking at a TX2020RP.

Matt,

In your switch group configuration in cnMaestro, you can configure an ACL.

1 Like

Hi,

Here’s my understanding of your question.

There is more than one subnet on the switch: VLAN 1 has IP address 10.10.10.1/24, and VLAN 2 has IP address 20.20.20.1/24. The switch can be accessed (SSH/Telnet/web, etc.) via either of the IP addresses. However, you want to block access to the switch on VLAN 2 via 20.20.20.1.

As DaveClelland suggested, you can use an ACL to deny TCP/UDP packets destined to 20.20.20.1. You need to configure the ACL in the Switch Group, and then assign the ACL to the desired ports in the Switch Port page. Unfortunately, there are a couple of issues with ACL configuration, which prevent this solution from working. A workaround is available. Please raise a support ticket, and I can assist you further.

We are working on the issues and will have them resolved shortly.

Thanks.

1 Like

Any fix for doing this on a TCP port basis?