3750 Lockdown

Answered Question
Sep 30th, 2010

I have a 3750 and can telnet / web interface into it from every interface that I assign it. How can I prevent this and only allow it for one interface?

(only allow management from here)
interface Vlan2
 ip address 10.1.1.5 255.255.255.0

interface Vlan3
 ip address 10.222.1.5 255.255.255.0

interface Vlan4
 ip address 10.4.3.5 255.255.255.0

Thanks in advance for looking.

Correct Answer by gatlin007 about 6 years 2 months ago

Determine the valid IP addresses that need access to the management plane. 

For this example, let's say it's all of 192.168.1.0/24

Create an ACL that accounts for management addresses.


access-list 82 remark *** Management ***

access-list 82 permit 192.168.1.0 0.0.0.255

Apply this access list to the management interface.

ip http access-class 82

! if you have more VTY lines, apply to all of them
line vty 0 4
 access-class 82 in
 exit


Chris

gatlin007 Thu, 09/30/2010 - 14:57

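The answer's reminder to apply the access-class to every VTY line can be checked against a saved configuration. The following Python check is an added example, not part of the original answer: it flags any `line vty` block or enabled HTTP server that has no access-class, or that names an ACL the configuration never defines. The function name and the sample configuration, including its `line vty 5 15` range, are constructed for illustration.

```python
import re
from itertools import takewhile

# Constructed sample: the answer's commands applied to "line vty 0 4" only,
# leaving a second VTY range without the access-class.
SAMPLE_CONFIG = """\
ip http server
ip http access-class 82
access-list 82 remark *** Management ***
access-list 82 permit 192.168.1.0 0.0.0.255
line vty 0 4
 access-class 82 in
 login
line vty 5 15
 login
"""

def audit_management_acl(config):
    """Return findings for VTY/HTTP management access not bound to a defined ACL."""
    findings, used = [], []
    lines = config.splitlines()
    defined = set(re.findall(r"^access-list (\d+) (?:permit|deny)", config, re.M))
    defined |= set(re.findall(r"^ip access-list \w+ (\S+)", config, re.M))

    # HTTP/HTTPS server: when enabled it needs "ip http access-class <acl>".
    http_on = re.search(r"^ip http (?:secure-)?server\s*$", config, re.M)
    http_acl = re.search(r"^ip http access-class (\S+)", config, re.M)
    if http_acl:
        used.append(("ip http", http_acl.group(1)))
    elif http_on:
        findings.append("ip http: server enabled without access-class")

    # VTY lines: each "line vty" block needs its own inbound access-class.
    for i, line in enumerate(lines):
        if not line.startswith("line vty"):
            continue
        block = takewhile(lambda s: s.startswith(" "), lines[i + 1:])
        acls = re.findall(r"^\s+access-class (\S+) in\b", "\n".join(block), re.M)
        if acls:
            used.append((line, acls[0]))
        else:
            findings.append(f"{line}: no inbound access-class")

    # An access-class that names an undefined ACL is flagged as well.
    findings += [f"{where}: ACL {name} is not defined"
                 for where, name in used if name not in defined]
    return findings
```

Run it against the text of `show running-config` saved to a file; an empty list means every VTY block and the HTTP server reference a defined ACL.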