
Management VLAN

Hi,

How can I restrict others from accessing the management VLAN? Which access-list do I need to mention?

3 REPLIES

Re: Management VLAN

Hi

If you are referring to telnet access to the switches, then I would suggest using the access-list under your vty lines. Just allow the subnet from which you would like to access the devices. You can use a standard ACL for this.

Thanks

Mahmood


Re: Management VLAN

Hi,

I want to block all traffic from other VLANs while providing limited access to the management VLAN.


Re: Management VLAN

I'd recommend the 3750 Switch Software Configuration Guide's chapter on Network Security with ACLs:

http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_guide_chapter09186a008081de82.html

VACLs are usually used to control traffic within a VLAN (Host A in VLAN 10 to Host B in VLAN 10), but can be used to filter on layer 2 or layer 3. A VACL is applied to all traffic in both directions, so creating access-list logic can be more challenging, but VACLs can provide a high level of security.

Router ACLs are easier to manage for filtering traffic between VLANs (Host A on VLAN 10 to Host B on VLAN 20). Router ACLs can be applied in inbound and outbound directions and are very similar to ACLs applied to interfaces on any Cisco router. In a VLAN environment, you apply the ACL to switch virtual interfaces (SVIs) or routed interfaces (no switchport).

Here's an example:

Switch(config)# access-list 110 permit tcp any 128.88.0.0 0.0.255.255 gt 1023
Switch(config)# access-list 110 permit tcp any host 128.88.1.2 eq 25
Switch(config)# access-list 110 permit icmp any any
Switch(config)# interface VLAN 10
Switch(config-if)# ip access-group 110 in

3750 switches handle most ACL filtering in hardware so these switches can handle a fairly large number of access-list statements with little impact on performance.
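
The two approaches suggested in this thread (a standard ACL on the vty lines and a router ACL on an SVI), combined into one configuration. This is an added example, not part of any reply above and not taken from Cisco's guide. VLAN 99 as the management VLAN, the subnets 10.0.99.0/24 and 10.0.50.0/24, and the ACL names are constructed assumptions.

```cisco
! Assumed (constructed) addressing:
!   management VLAN 99      = 10.0.99.0/24
!   admin workstation VLAN  = 10.0.50.0/24
!
! 1) Restrict telnet/SSH sessions to the switch itself.
!    An ACL applied to an SVI does not cover sessions addressed to the
!    switch's own IP in every case, so the vty lines get their own ACL.
ip access-list standard MGMT-VTY
 permit 10.0.50.0 0.0.0.255
 deny   any log
!
line vty 0 15
 access-class MGMT-VTY in
!
! 2) Restrict traffic routed from other VLANs into the management VLAN.
!    Applied outbound on the management SVI, so it sees every packet the
!    switch routes toward 10.0.99.0/24 regardless of the source VLAN.
ip access-list extended TO-MGMT
 remark admin workstations may reach management hosts over SSH and ICMP
 permit tcp 10.0.50.0 0.0.0.255 10.0.99.0 0.0.0.255 eq 22
 permit icmp 10.0.50.0 0.0.0.255 10.0.99.0 0.0.0.255
 remark everything else from other VLANs is dropped and logged
 deny   ip any any log
!
interface Vlan99
 ip access-group TO-MGMT out
!
! Note: replies to sessions that management hosts open toward other
! VLANs (syslog, NTP, TACACS+ and similar) also pass through TO-MGMT
! and need their own permit entries above the final deny.
```

After applying it, `show access-lists` shows the per-entry match counters, which confirms whether traffic from the other VLANs is hitting the final deny.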
