Good evening-
We are in the process of setting up a 9300 access switch stack (IOS version 17.03) for the production network. Interface GigabitEthernet0/0 is connected to a completely separate management network that only IT is physically connected to. We do not want the users (vlan1) to have access to the web server, SSH or SNMP. We only want these services to go through management. But I can't figure out the best way to implement this. Is there an easy one or two lines that would accomplish this? Like access-class under line vty for SSH? It seems so straightforward but I've been staring at this for a while and I'm going braindead. Hoping someone can assist me. Thank you!

vrf definition Mgmt-vrf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
 ip address 10.10.10.10 255.255.255.0
 negotiation auto
interface Vlan1
 ip address 10.0.0.1 255.255.255.0
line vty 0 4
 password 7 xxxx
 login
 transport input ssh
line vty 5 15
 password 7 xxxx
 login
 transport input ssh
!
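
An added example, not part of the original post: a small Python check that reads the interface and vty portion of the configuration quoted above and reports which vty lines have no inbound `access-class` and which interface addresses sit outside a VRF. The function names and the parsing rules are this example's own assumptions; the config text is copied from the post.

```python
import re

# Excerpt copied from the post above (password hashes were already redacted there).
POSTED_CONFIG = """\
interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
 ip address 10.10.10.10 255.255.255.0
 negotiation auto
interface Vlan1
 ip address 10.0.0.1 255.255.255.0
line vty 0 4
 password 7 xxxx
 login
 transport input ssh
line vty 5 15
 password 7 xxxx
 login
 transport input ssh
"""

# Only these two section types matter for this check.
SECTION_START = re.compile(r"^(interface|line)\s+\S")

def sections(config):
    """Group a config into {header: [sub-commands]}; works with or without indentation."""
    out, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None                      # a bare "!" closes the open section
        elif SECTION_START.match(line):
            current = out.setdefault(line, [])
        elif current is not None:
            current.append(line)
    return out

def vty_without_access_class(config):
    """Return the vty line ranges that have no inbound access-class applied."""
    return [h for h, body in sections(config).items()
            if h.startswith("line vty")
            and not any(re.match(r"access-class \S+ in\b", c) for c in body)]

def global_table_addresses(config):
    """Return (interface, ip) pairs for interfaces that are not placed in a VRF."""
    return [(h.split()[1], c.split()[2]) for h, body in sections(config).items()
            if h.startswith("interface") and "vrf forwarding" not in " ".join(body)
            for c in body if c.startswith("ip address ")]

if __name__ == "__main__":
    print(vty_without_access_class(POSTED_CONFIG), global_table_addresses(POSTED_CONFIG))
```

For the posted excerpt this reports both vty ranges as unrestricted and Vlan1 (10.0.0.1) as the only address outside Mgmt-vrf. When an inbound `access-class` is added to a vty line, sessions arriving through a VRF interface such as Mgmt-vrf are accepted only if the `vrf-also` keyword is given.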