Cisco Support Community
New Member

3750 Lockdown

I have a 3750 and can telnet / web interface into it from every interface that I assign it. How can I prevent this and only allow it for one interface?

(only allow management from here)

Vlan2

Ip address 10.1.1.5 255.255.255.0

Vlan3

Ip address 10.222.1.5 255.255.255.0

Vlan4

Ip address 10.4.3.5 255.255.255.0

Thanks in advance for looking.

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: 3750 Lockdown

Determine the valid IP addresses that need access to the management plane. 

For this example, let's say it's all of 192.168.1.0/24.

Create an ACL that accounts for management addresses.


access-list 82 remark *** Management ***

access-list 82 permit 192.168.1.0 0.0.0.255

Apply this access list to the management interface.

ip http access-class 82

! if you have more VTY lines, apply to all of them
line vty 0 4
 access-class 82 in
 exit


Chris
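
An added example, not part of the answer above: a Python check over a saved running-config that flags any `line vty` block without an inbound `access-class`, and an enabled HTTP/HTTPS server without `ip http access-class`. The sample config and the function name `audit_mgmt_acl` are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the thread): ACL 82 is applied
# to the HTTP server and to vty 0 4, but vty 5 15 was left without it.
SAMPLE_CONFIG = """\
ip http server
ip http secure-server
ip http access-class 82
access-list 82 remark *** Management ***
access-list 82 permit 192.168.1.0 0.0.0.255
line con 0
line vty 0 4
 access-class 82 in
 login
line vty 5 15
 login
"""

def audit_mgmt_acl(config):
    """Return findings for management paths that lack an access-class."""
    findings = []
    lines = config.splitlines()

    # "no ip http server" does not match, so only enabled servers count.
    # The thread states that "ip http access-class" also covers HTTPS.
    http_on = any(re.match(r"ip http (secure-)?server\b", ln) for ln in lines)
    http_acl = any(re.match(r"ip http access-class \S+", ln) for ln in lines)
    if http_on and not http_acl:
        findings.append("ip http: server enabled without access-class")

    # Walk each "line vty" block; indented lines belong to the current block.
    block, has_acl = None, False
    for ln in lines + ["!"]:  # sentinel line flushes the last block
        if not ln.startswith(" "):
            if block and not has_acl:
                findings.append(f"{block}: no inbound access-class")
            block = ln.strip() if re.match(r"line vty \d+", ln) else None
            has_acl = False
        elif block and re.match(r"\s+access-class \S+ in\b", ln):
            has_acl = True
    return findings

if __name__ == "__main__":
    for finding in audit_mgmt_acl(SAMPLE_CONFIG):
        print(finding)
```
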

4 REPLIES
New Member

Re: 3750 Lockdown

Thank you very much!

New Member

Re: 3750 Lockdown

Does:

ip http access-class 82

include https?

New Member

Re: 3750 Lockdown

Yes, it does.
