3750 Lockdown

tedtucker
Level 1

I have a 3750 and can telnet / web interface into it from every interface that I assign it. How can I prevent this and only allow it for one interface?

(only allow management from here)

Vlan2

Ip address 10.1.1.5 255.255.255.0

Vlan3

Ip address 10.222.1.5 255.255.255.0

Vlan4

Ip address 10.4.3.5 255.255.255.0

Thanks in advance for looking.

Accepted Solutions

gatlin007
Level 4

Determine the valid IP addresses that need access to the management plane. 

For this example let's say it's all of 192.168.1.0/24

Create an ACL that accounts for management addresses.


access-list 82 remark *** Management ***

access-list 82 permit 192.168.1.0 0.0.0.255

Apply this access list to the management interface.

ip http access-class 82

! if you have more VTY lines, apply to all
line vty 0 4
access-class 82 in
exit


Chris

Thank you very much!

Does:

ip http access-class 82

include https?

yes it does.
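
A check for the "apply to all" point in the accepted answer, as an added example that is not part of the original thread: a Python script that reads a saved running-config and reports any VTY range or enabled web server that is not covered by an access-class. The sample config, the function name `audit_mgmt_acl` and the finding strings are constructed for illustration, and only the numbered-ACL command forms shown in the thread are recognised.

```python
import re

# Constructed sample running-config: the answer's ACL is applied to vty 0 4,
# but a second VTY range (5 15) was left without it.
SAMPLE_CONFIG = """\
ip http server
ip http secure-server
ip http access-class 82
access-list 82 remark *** Management ***
access-list 82 permit 192.168.1.0 0.0.0.255
!
line con 0
line vty 0 4
 access-class 82 in
 login
line vty 5 15
 login
!
"""

def audit_mgmt_acl(config):
    """Return a list of findings about management-plane ACL coverage."""
    findings = []
    lines = config.splitlines()
    defined = set(re.findall(r"^access-list (\d+) (?:permit|deny)\b", config, re.M))
    # Web interface: an enabled HTTP/HTTPS server needs 'ip http access-class N'.
    web_on = [l for l in lines if re.fullmatch(r"ip http (secure-)?server", l.strip())]
    web_acl = re.search(r"^ip http access-class (\d+)\s*$", config, re.M)
    if web_on and not web_acl:
        findings.append("web: server enabled without ip http access-class")
    elif web_acl and web_acl.group(1) not in defined:
        findings.append(f"web: ACL {web_acl.group(1)} is not defined")
    # Telnet/SSH: every 'line vty' block needs its own 'access-class N in'.
    current, vty_acl = None, {}
    for l in lines:
        if not l.startswith(" "):  # a non-indented line starts a new block
            m = re.match(r"line vty (\d+)(?: (\d+))?", l)
            current = f"vty {m.group(1)} {m.group(2) or m.group(1)}" if m else None
            if current:
                vty_acl[current] = None
        elif current:
            m = re.match(r"access-class (\d+) in\b", l.strip())
            if m:
                vty_acl[current] = m.group(1)
    for block, acl in vty_acl.items():
        if acl is None:
            findings.append(f"{block}: no inbound access-class")
        elif acl not in defined:
            findings.append(f"{block}: ACL {acl} is not defined")
    return findings
```

Run it against the output of `show running-config` saved to a file; an empty list means every VTY range and the web server reference a defined ACL.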
