Solved: Re: 3750 Lockdown

tedtucker · ‎09-30-2010

I have a 3750 and can telnet / web interface into from every interface that I assign it. How can I prevent this and only allow it for one interface?

(only allow management from here)

Vlan2

Ip address 10.1.1.5 255.255.255.0

Vlan3

Ip address 10.222.1.5 255.255.255.0

Vlan4

Ip address 10.4.3.5 255.255.255.0

Thanks in advance for looking.

gatlin007 · ‎09-30-2010

Determine the valid IP addresses that need access to the management plane.

For this example that say it's all of 192.168.1.0/24

Create an ACL that accounts for management addresses.

access-list 82 remark *** Management ***

access-list 82 permit 192.168.1.0 0.0.0.255

Apply this access list to the management interface.

ip http access-class 82

line vty 0 4 ### if you have more VTY apply to all
access-class 82 in
exit

Chris

View solution in original post

gatlin007 · ‎09-30-2010

Determine the valid IP addresses that need access to the management plane.

For this example that say it's all of 192.168.1.0/24

Create an ACL that accounts for management addresses.

access-list 82 remark *** Management ***

access-list 82 permit 192.168.1.0 0.0.0.255

Apply this access list to the management interface.

ip http access-class 82

line vty 0 4 ### if you have more VTY apply to all
access-class 82 in
exit

Chris

tedtucker · ‎09-30-2010

Thank you very much!

tedtucker · ‎09-30-2010

Does:

ip http access-class 82

include https?

tedtucker · ‎09-30-2010

yes it does.