04-05-2017 09:26 AM - edited 02-21-2020 06:02 AM
Hello,
We ran a vulnerability test against the mgmt interface on the NX7K and the results came back showing that a number of services, such as SSH, DHCPs, NTP, BGP, and SNMP, are open. Are these services/ports listening to these services by default?
Thanks in advance.
Best, ~zK
04-21-2017 09:59 AM
Typically no, but it also depends on what Supervisor you are running. Some include a CoPP policy and some have a CMP. I assume you're testing against the admin VDC?
04-25-2017 11:13 AM
We have dual N7K-SUP2. We don't have CoPP enabled/configured. I am planning on implementing iACLs on the ingress interfaces that connect the VDC to our ISP. Are there any other suggestions to disable/deny ssh and other services to access the mgmt interface?
Thanks, ~zK
04-25-2017 12:21 PM
The easiest way is to disable the service(s).
no feature [ssh,telnet,etc]
04-25-2017 01:01 PM
How would one ssh into the vdc/switch if the ssh feature is disabled?
04-26-2017 06:07 AM
The way I set them up is to only enable services on the Admin VDC and from there I can jump to the other VDCs.