OS6900 Security Help

mspdogomaha
Member
Posts: 6
Joined: 30 Oct 2023 19:25

OS6900 Security Help

Post by mspdogomaha »

We are setting up an os6900 switch with layer 3 routing for internet services.

We are looking to only allow ssh and other settings like snmp and telnet through the mgmt IP.

Does the os6900 support ACLs to lock down the unit so internet facing ports cannot access the device?

Thanks for any help provided.
Gleylancer
Member
Posts: 156
Joined: 08 May 2013 03:14

Re: OS6900 Security Help

Post by Gleylancer »

What you are describing here - "Internet Facing Ports" and "Telnet" has nothing to do with "Security". Please buy a Router/Firewall.

The OS6900 has an EMP Port that can be configured to be used exclusively for management purposes, while all the user/uplink ports do not allow any access to the switch.
mspdogomaha
Member
Posts: 6
Joined: 30 Oct 2023 19:25

Re: OS6900 Security Help

Post by mspdogomaha »

We have a firewall.

We have the switch set up in layer 3 over the internet. We just want to lock down access to the mgmt ip of the device.

We do not want to allow any mgmt traffic over the internet and only allow it from our mgmt network.
Gleylancer
Member
Posts: 156
Joined: 08 May 2013 03:14

Re: OS6900 Security Help

Post by Gleylancer »

It still sounds insecure as hell, but again, the EMP port is the best choice for this.
silvio
Alcatel Unleashed Certified Guru
Posts: 1894
Joined: 01 Jul 2008 10:51
Location: Germany

Re: OS6900 Security Help

Post by silvio »

There are a lot of possibilities: unsecure access can be forbidden (with the aaa commands), unsecure services can be disabled (with the ip service command).
And yes - you can use policies to allow only specific ip addresses to have access to the switch. Search here for "ip network group switch" to find answers. This is the same for all switches.
BR Silvio
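
The three measures named in the reply above, sketched as an added example that is not part of the original thread or taken from vendor documentation. It assumes AOS 8 CLI syntax (check each command against the CLI reference for the release in use), uses 192.0.2.0/24 as a constructed stand-in for the management network, and all group, condition, action and rule names are made up.

```text
! Constructed example: 192.0.2.0/24 stands in for the management network.
! MgmtNet, MgmtToSwitch, AnyToSwitch, Permit, Block and the rule names
! are hypothetical names chosen for this sketch.

! Disable the cleartext service and remove its authentication binding
ip service telnet admin-state disable
no aaa authentication telnet

! Hosts that are allowed to manage the switch
policy network group MgmtNet 192.0.2.0 mask 255.255.255.0

! "Switch" is the built-in network group holding the switch's own IP interfaces
policy condition MgmtToSwitch source network group MgmtNet destination network group Switch
policy condition AnyToSwitch destination network group Switch

policy action Permit disposition accept
policy action Block disposition drop

! The rule with the higher precedence value is evaluated first
policy rule AllowMgmt precedence 200 condition MgmtToSwitch action Permit
policy rule DropOther precedence 100 condition AnyToSwitch action Block

! Policy changes take effect only after they are applied
qos apply
```

DropOther matches every IP packet addressed to the switch itself, so routing protocol neighbours and any other source that legitimately talks to the switch need their own accept rule at a higher precedence. Apply it from a console session so a mistake in the management group does not lock out remote access.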