07-28-2024 04:42 AM
The switch model: Cisco Nexus 90108TC-EX ver 9.3(13)
We are trying to restrict incoming traffic locally to the above switch.
The switch acts as a router for a number of interfaces so there are public ip addresses defined, both ipv4 and ipv6 including on the loopback interface.
We want the following to work and block everything else (fake IP addresses):
192.0.2.0/24 to ports like ssh, snmp (management interface)
198.51.100.0/24 and 2001:db8:2::/48 for protocol ospf
203.0.113.0/24 and 2001:db8:3::/48 for port bgp
We have been looking at COPP but don’t understand how to only allow traffic to/from the prefixes above.
How can we achieve this? Are there maybe some better ways to do this?
Thanks!
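The requirement in the post above, written out as NX-OS interface ACLs, as an added illustration that is not part of the original thread and not the poster's own configuration. The ACL names (`RTR-IN-V4`, `RTR-IN-V6`), the interface (`Ethernet1/1`) and the choice to log the final deny are assumptions; the prefixes are the documentation prefixes from the post. The same ACLs can also be referenced from a custom CoPP class-map to police rather than drop at the interface, but the interface ACL is the simpler way to express "only these sources, only these services":

```text
! IPv4: management, OSPF and BGP sources from the post
ip access-list RTR-IN-V4
  10 remark -- management: ssh and snmp from 192.0.2.0/24
  10 permit tcp 192.0.2.0/24 any eq 22
  20 permit udp 192.0.2.0/24 any eq snmp
  30 remark -- OSPF (IP protocol 89) from 198.51.100.0/24
  30 permit ospf 198.51.100.0/24 any
  40 remark -- BGP: peer-initiated sessions and replies to our own
  40 permit tcp 203.0.113.0/24 any eq bgp
  50 permit tcp 203.0.113.0/24 eq bgp any
  60 remark -- everything else; log entries feed detection (assumed choice)
  60 deny ip any any log

! IPv6: OSPFv3 and BGP sources from the post
ipv6 access-list RTR-IN-V6
  10 remark -- OSPFv3 hellos are sourced from link-local, not the global prefix
  10 permit ospf fe80::/10 any
  20 permit ospf 2001:db8:2::/48 any
  30 permit tcp 2001:db8:3::/48 any eq bgp
  40 permit tcp 2001:db8:3::/48 eq bgp any
  50 remark -- ICMPv6 carries neighbor discovery; dropping it breaks the link
  50 permit icmp any any
  60 deny ipv6 any any log

! Apply inbound on each routed interface that carries these sources (assumed interface)
interface Ethernet1/1
  ip access-group RTR-IN-V4 in
  ipv6 traffic-filter RTR-IN-V6 in
```

Two caveats worth checking before deploying: an interface ACL filters transit traffic through the switch as well as traffic addressed to it, so the deny at the end must not cut off routed flows the switch is forwarding; and a "deny everything else" rule also blocks return traffic for sessions the switch itself opens (NTP, syslog, TACACS+, RADIUS), so each such service needs its own permit entry. Verify hits with `show ip access-lists RTR-IN-V4` after enabling `statistics per-entry` on the ACL.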
07-28-2024 04:47 AM
I think I posted this in the wrong area... how can I move it or delete my post?
07-28-2024 05:04 AM
I don't think CoPP will prevent traffic to the box.
Try using a VLAN access-map.
It prevents any traffic to a specific SVI.
MHM
07-28-2024 05:11 AM
check the below guide and ACL :