topic Typically no, but it also in Network Security

NX7K Mgmt Interface Security

zekebashi — Fri, 21 Feb 2020 14:02:50 GMT

Hello,

We ran a vulnerability test against the mgmt interface on the NX7K and the results came back showing that a number of services, such as SSH, DHCPs, NTP, BGP, and SNMP that are open. Are these services/ports listening to these services by default?

Thanks in advance.

Best, ~zK

Typically no, but it also

Collin Clark — Fri, 21 Apr 2017 16:59:36 GMT

Typically no, but it also depends on what Supervisor you are running. Some include a CoPP policy and some have a CMP. I assume your testing against the admin VDC?

We have dual N7K-SUP2. We don

zekebashi — Tue, 25 Apr 2017 18:13:02 GMT

We have dual N7K-SUP2. We don't have CoPP enabled/configured. I am planning on implementing iACLs on the ingress interfaces that connect the VDC to our ISP. Are there any other suggestions to disable/deny ssh and other services to access the mgmt interface?

Thanks, ~zK

The easiest way is to disable

Collin Clark — Tue, 25 Apr 2017 19:21:26 GMT

The easiest way is to disable the service(s).

no feature [ssh,telnet,etc]

How would one ssh into the

zekebashi — Tue, 25 Apr 2017 20:01:31 GMT

How would one ssh into the vdc/switch if the ssh feature is disabled?

The way I set them up is to

Collin Clark — Wed, 26 Apr 2017 13:07:06 GMT

The way I set them up is to only enable services on the Admin VDC and from there I can jump to the other VDC's.