A "Hello" and a question - The Management VLAN

Navy_Dave
Level 1

Hi,

 

New joiner to the community. Been using it for a while now but finally took the dive to join, now I'm at a point where I (hope) to not embarrass myself.

I do have a question I'm hoping someone can help me with...

My studies into VLANs always lead me back to one question.  I keep reading / watching some guides that say part of the "good practice" when it comes to setting up VLANs is that only devices in the management VLAN should have access to the switch to configure it. Makes sense. 

 

However - my question is how do you restrict devices from ANY VLAN accessing the switch remotely to config it (understand that passwords etc would be needed, but I'm talking about the physical ability to access it)

 

I accept I'm probably missing something glaringly obvious here, but any ideas would help!

 

Many thanks

 

1 Accepted Solution

Hi @Navy_Dave 

You would control access to the switch or router by applying an ACL to the VTY lines, which would permit traffic from the host/networks defined in the ACL. Any network not defined in the ACL would be denied access to manage the device, either via telnet/ssh.

 

access-list 1 permit host 192.168.10.10 log
access-list 1 permit host 192.168.10.11 log

line vty 0 4
 access-class 1 in

 

HTH
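
An added example, not part of the original reply or any Cisco tooling: a Python check that reads a saved configuration, evaluates the reply's standard ACL with first-match and implicit-deny semantics, and reports for each VTY range whether a given source address gets through. The `line vty 5 15` block in the sample is constructed to show a range left without an access-class, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the ACL and VTY block from the answer, plus a second VTY
# range (5 15) with no access-class, assumed here to show the gap it leaves.
SAMPLE_CONFIG = """\
access-list 1 permit host 192.168.10.10 log
access-list 1 permit host 192.168.10.11 log
line vty 0 4
 access-class 1 in
line vty 5 15
 transport input ssh
"""

ACE = re.compile(r"access-list (\d+) (permit|deny) (?:host )?(\S+)(?: (\d+(?:\.\d+){3}))?")

def parse_acls(config):
    """Map ACL number -> ordered (action, address, wildcard) entries."""
    acls = {}
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if m:
            num, action, addr, wild = m.groups()
            if addr == "any":
                addr, wild = "0.0.0.0", "255.255.255.255"
            entry = (action, int(ipaddress.IPv4Address(addr)),
                     int(ipaddress.IPv4Address(wild or "0.0.0.0")))
            acls.setdefault(num, []).append(entry)
    return acls

def acl_permits(entries, src):
    """First match wins; a source that matches nothing hits the implicit deny."""
    src = int(ipaddress.IPv4Address(src))
    for action, addr, wild in entries:
        if (src ^ addr) & ~wild & 0xFFFFFFFF == 0:
            return action == "permit"
    return False

def vty_reachability(config, src):
    """Map each 'line vty' range to whether src passes its inbound access-class
    (True when no access-class is set, since nothing filters the source)."""
    acls, result, current = parse_acls(config), {}, None
    for line in config.splitlines():
        if not line.startswith(" "):
            current = line[9:] if line.startswith("line vty ") else None
            if current:
                result[current] = True
        elif current and (m := re.match(r" +access-class (\S+) in", line)):
            # KeyError here means the config references an ACL it never defines.
            result[current] = acl_permits(acls[m.group(1)], src)
    return result
```

Running `vty_reachability` against a saved configuration with an address from a user VLAN shows at a glance which VTY ranges that address could still open a session on.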


2 Replies

Navy_Dave
Level 1

@Rob Ingram Thank you so much for getting back to me so quickly. That's cleared that up for me nicely - many thanks.