We are setting up an OS6900 switch with layer 3 routing for internet services.
We are looking to only allow SSH and other settings like SNMP and Telnet through the mgmt IP.
Does the OS6900 support ACLs to lock down the unit so internet-facing ports cannot access the device?
Thanks for any help provided.
OS6900 Security Help
- Gleylancer
- Member
- Posts: 157
- Joined: 08 May 2013 03:14
Re: OS6900 Security Help
What you are describing here - "Internet Facing Ports" and "Telnet" - has nothing to do with "Security". Please buy a Router/Firewall.
The OS6900 has an EMP Port that can be configured to be used exclusively for management purposes, while all the user/uplink ports do not allow any access to the switch.
-
- Member
- Posts: 6
- Joined: 30 Oct 2023 19:25
Re: OS6900 Security Help
We have a firewall.
We have the switch set up in layer 3 over the internet. We just want to lock down access to the mgmt ip of the device.
We do not want to allow any mgmt traffic over the internet and only allow it from our mgmt network.
- Gleylancer
- Member
- Posts: 157
- Joined: 08 May 2013 03:14
Re: OS6900 Security Help
It still sounds insecure as hell, but again, the EMP port is the best choice for this.
Re: OS6900 Security Help
There are a lot of possibilities: unsecure access can be forbidden (with the aaa commands), unsecure services can be disabled (with the ip service command).
And yes - you can use policies to allow only specific ip addresses to have access to the switch. Search here for "ip network group switch" to find answers. This is the same for all switches.
BR Silvio