NX7K Mgmt Interface Security

zekebashi
Level 4


Hello,

We ran a vulnerability test against the mgmt interface on the NX7K and the results came back showing that a number of services, such as SSH, DHCPs, NTP, BGP, and SNMP, are open. Are these services/ports listening to these services by default?

Thanks in advance.

Best, ~zK

5 Replies

Collin Clark
VIP Alumni

Typically no, but it also depends on what Supervisor you are running. Some include a CoPP policy and some have a CMP. I assume you're testing against the admin VDC?

We have dual N7K-SUP2. We don't have CoPP enabled/configured. I am planning on implementing iACLs on the ingress interfaces that connect the VDC to our ISP. Are there any other suggestions to disable/deny ssh and other services to access the mgmt interface?

Thanks, ~zK  

The easiest way is to disable the service(s).

no feature [ssh,telnet,etc]

How would one ssh into the vdc/switch if the ssh feature is disabled? 

The way I set them up is to only enable services on the Admin VDC and from there I can jump to the other VDCs.
