Suppose I have a server with IP address 10.0.0.1 hanging on switch 4. Switch 1 is my command switch.
I want to set up an access list to only allow access to this server 10.0.0.1 from a proxy 192.168.1.1 which is located on another LAN. I don't want to set up an access list on the router, but rather I want to set it up on the switches, so that users on the 10.0.0.0 LAN cannot access it directly.
I know this is a weird scenario, but can someone give me general information and some examples of what my commands on the switch should look like?
I have read a bit about ACLs on switches. It mentions that I can only apply ACLs on physical interfaces if I have the EI image. I only have the SI image, so I guess I'm stuck with ACLs for management interfaces.
So I have to apply the ACL on VLAN1.
I have a cluster of 4 switches.
If I apply the ACL on switch3, for example on VLAN1, will it take effect on all other switches, as they are part of the same VLAN?
"You can create ACLs for physical interfaces or management interfaces. A management interface is defined as a management VLAN or any traffic that is going directly to the CPU, such as SNMP, Telnet, or web traffic. You can create ACLs for management interfaces with the standard software image (SI) or the enhanced software image (EI) installed on your switch. However, you must have the EI installed on your switch to apply ACLs to physical interfaces."
And to be complete you can also apply ACLs to terminal lines such as vty 0 4.
The switch is not using the management interface to route traffic; as the name says, it is only for management, and the ACL only applies to traffic to and from the CPU, depending on which direction the ACL is applied.
I don't think you can achieve your requirement with this image. You either need to upgrade or use a L-3 device to segment your LAN and apply your filtering policies.