network management security - Switches and SVIs

Unanswered Question
Jul 20th, 2010

Hello all.

I have created a management vlan on my 4506. There are also other SVIs for other VLANs. I understand configuring access-lists for the management vlan as well as for all vty lines limiting to an IT VLAN for example.  How can I remove telnet or SSH access from the other SVIs?

I have found documentation on best practices for the management vlan but can't find anything on disabling telnet and ssh from the other vlan interfaces.

I imagine an access list just blocking the ports?  What would you suggest?

Thanks in advance.

Panos Kampanakis Wed, 07/21/2010 - 10:45

I believe ACLs on the SVIs are your only choice to limit the subnets that can ssh or telnet to your vlan SVIs.

I hope it helps.

PK

Ganesh Hariharan Wed, 07/28/2010 - 23:38

Hi,

If you have decided the source IP from which telnet or SSH is allowed, you can use an access-class configuration with an ACL applied on the line vty, which will only permit the particular host to telnet or SSH into the device.

Following is an example for access-class; hope it helps!

The following example defines an access list that permits only hosts on network 192.89.55.0 to connect to the virtual terminal ports on the router:

access-list 12 permit 192.89.55.0 0.0.0.255
line 1 5
 access-class 12 in

Hope to Help !!

Ganesh.H

Remember to rate the helpful post
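
Added example, not part of the original thread and not taken from Cisco documentation: the two approaches suggested above (an access-class on the vty lines, and ACLs on the individual SVIs) side by side for the situation in the question. The subnets, SVI addresses, VLAN numbers and the ACL name are assumptions chosen for illustration.

```cisco
! --- Approach 1: restrict the vty lines themselves -------------------
! Assumption: 10.10.99.0/24 is the IT / management VLAN subnet.
! The access-class is checked for every inbound vty session, whichever
! SVI address the client connected to, so one ACL covers all SVIs.
access-list 12 permit 10.10.99.0 0.0.0.255
access-list 12 deny   any log
!
! Apply it to every vty line the switch has, not only 0-4; an
! unprotected line 5-15 would still accept sessions from any VLAN.
line vty 0 4
 access-class 12 in
 transport input ssh
line vty 5 15
 access-class 12 in
 transport input ssh
!
! --- Approach 2: filter on the non-management SVIs -------------------
! Assumption: Vlan20 (10.10.20.1) and Vlan30 (10.10.30.1) are user SVIs.
! A host in VLAN 20 can also target the switch's address in VLAN 30,
! so the ACL has to list every address the switch owns, not only the
! address of the SVI it is applied to.
ip access-list extended USERS-NO-MGMT
 deny   tcp any host 10.10.20.1 eq 22
 deny   tcp any host 10.10.20.1 eq telnet
 deny   tcp any host 10.10.30.1 eq 22
 deny   tcp any host 10.10.30.1 eq telnet
 permit ip any any
!
interface Vlan20
 ip access-group USERS-NO-MGMT in
interface Vlan30
 ip access-group USERS-NO-MGMT in
!
! Verification from the CLI:
!   show line                  (lists the vty lines that exist)
!   show running-config | section line vty
!   show access-lists          (hit counters on the deny entries)
```

Approach 1 needs no change when an SVI is added later, while the ACL in approach 2 has to be extended with each new switch address.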
