Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3644
Views
49
Helpful
3
Replies

SG300 management interface

Frank Peter
Level 1
Level 1

‎06-14-2012 05:59 AM

Does anyone know, how to set the management interface on a SG300 Switch in Layer 3 mode? I've some vlans configured on the switch with interfaces in each of them:

Vlan 100 (10.0.1.254 /24)

Vlan 200 (10.0.2.254 /24)

Vlan 300 (10.0.3.254 /24)

...

Vlan 900 (10.0.9.254 /24)

Now, the management interface is listening on all interfaces (IPs). But I would like to configure the switch to only listen on 10.0.9.254. Does anyone know, what I need to configure or whether it is possible? Thanks for your help.

Frank

Labels:
0 Helpful
3 Replies 3

Davidwagman1
Level 7
Level 7

‎06-14-2012 07:50 AM

Hi Frank,

What you can do is create a management access policy and disable access to the web ui (or all telnet/ssh access for that matter) on the vlans you don't want to have access.

Log into the web ui, on the left hand side, click on Security, then Mgmt Access Method. First, add a profile, give it a name, and select management method all, priority 20, action permit, all interfaces. (You want to allow all, then deny some).

Second, on the left menu, choose profile rules. A rule should have been created for you with the access profile name you just created. Then create a rule to deny the vlan you want to prohibit access. Click add, give the rule a higher priority than the allow rule (I used 10), choose the mgmt methods you're seeking to prohibit (HTTP for web ui, or all...), action deny, then choose user defined for the interface, then the vlan you don't want to have access.

Then you must go back to the access profiles page from the left menu, and select the profile you just created as the active access profile and hit apply.

I guess you could do it in the reverse order, deny all, then give your management vlan permission to the web ui, thats your call.

Let me know if thats what you're looking for.

Best,

David

Please rate helpful posts.

Frank Peter
Level 1
Level 1
In response to Davidwagman1

‎06-21-2012 08:29 AM

Hi Dave,

thanks for your answer and sorry for my late reply. What you described is the workaround, which I currently have in place. This works fine. However, it would be nice, if I could configure the interfaces on which the management interface listens. But I guess that this is not possible...

Best,

Frank

0 Helpful

Davidwagman1
Level 7
Level 7
In response to Frank Peter

‎06-21-2012 08:31 AM

Hi Frank,

Thats the only way to do it. Once you add in the ipv4 address for the switch, it responds to the webui on that ip.

Please rate helpful posts.

Best,

David

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Switch products supported in this community
Cisco Business Product Family
  • CBS110
  • CBS220
  • CBS250
  • CBS350
Cisco Switching Product Family
  • 110
  • 200
  • 220
  • 250
  • 300
  • 350
  • 350X
  • 550X
Customers Also Viewed These Support Documents