Hi,
not really sure, if this is the right community for my question, but here it is:
I just enabled the nxapi sandbox on one of my Nexus 7k switches:
feature nxapi
nxapi https port 5443
nxapi sandbox
It works fine - I can access and login to the sandbox from my internal management station.
My problem is that the switch has SVI interfaces on the public Internet, and with the sandbox exposed on those interfaces.
The default behaviour seems to be "expose sandbox to any source on all active interfaces" (duh?)
I do not want to expose the sandbox to the public Internet, but I have not been able to find any documentation on how to restrict access to the sandbox https port.
Anyone here been able to do so without resorting to use access-group/lists on the SVIs?
What I'm looking for is something like the mechanism used for controlling access to regular ssh/VTYs.
Regards,
Espen