NX-OS: Deny SNMP, NTP and BGP access to SVI itself

laurent.dewilde
Level 1

We're trying to block all SNMP, NTP and BGP access to a particular SVI. However, when using the ACL config below, only traffic through the SVI is blocked, not the traffic directly destined towards it.

So SVI VLAN901 is still responding to BGP, NTP and SNMP requests.

Any ideas how to deny traffic destined to an SVI itself?

Platform used: N9K-C93180YC-FX3

interface Vlan901
ip access-group filter_vlan901 in
ip access-group filter_vlan901 out

ip access-list filter_vlan901
10 deny tcp any any eq bgp
11 deny udp any any eq ntp
12 deny tcp any any eq 161
99 permit ip any any

 

Thanks a lot,

Laurent