Does anyone know how to set the management interface on an SG300 switch in Layer 3 mode? I've some VLANs configured on the switch with interfaces in each of them:
Vlan 100 (10.0.1.254 /24)
Vlan 200 (10.0.2.254 /24)
Vlan 300 (10.0.3.254 /24)
Vlan 900 (10.0.9.254 /24)
Now, the management interface is listening on all interfaces (IPs). But I would like to configure the switch to only listen on 10.0.9.254. Does anyone know what I need to configure or whether it is possible? Thanks for your help.
What you can do is create a management access policy and disable access to the web ui (or all telnet/ssh access for that matter) on the vlans you don't want to have access.
Log into the web ui, on the left hand side, click on Security, then Mgmt Access Method. First, add a profile, give it a name, and select management method all, priority 20, action permit, all interfaces. (You want to allow all, then deny some).
Second, on the left menu, choose profile rules. A rule should have been created for you with the access profile name you just created. Then create a rule to deny the vlan you want to prohibit access. Click add, give the rule a higher priority than the allow rule (I used 10), choose the mgmt methods you're seeking to prohibit (HTTP for web ui, or all...), action deny, then choose user defined for the interface, then the vlan you don't want to have access.
Then you must go back to the access profiles page from the left menu, and select the profile you just created as the active access profile and hit apply.
I guess you could do it in the reverse order, deny all, then give your management VLAN permission to the web UI; that's your call.
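The two rule orderings from the answer above, modelled as an added example that is not part of the original thread and does not talk to a switch. It assumes rules are checked in ascending priority number with the first match winning (consistent with deny at 10 overriding permit at 20); the interface labels, the extra deny priorities 11 and 12, and VLAN 400 are constructed for illustration.

```python
# Added illustration: a model of priority-ordered, first-match access-profile
# evaluation. Rule values mirror the thread; nothing here is switch output.
from dataclasses import dataclass

ANY = "all"  # wildcard for management method or interface

@dataclass(frozen=True)
class Rule:
    priority: int   # assumption: lower number is checked first (10 before 20)
    method: str     # "http", "https", "ssh", "telnet" or ANY
    action: str     # "permit" or "deny"
    interface: str  # constructed label such as "vlan100", or ANY

def decide(profile, method, interface):
    """Return the action of the first matching rule, or None if none matches."""
    for rule in sorted(profile, key=lambda r: r.priority):
        if rule.method in (ANY, method) and rule.interface in (ANY, interface):
            return rule.action
    return None

# Order described in the answer: permit everything at 20, deny chosen VLANs first.
ALLOW_THEN_DENY = [
    Rule(20, ANY, "permit", ANY),
    Rule(10, ANY, "deny", "vlan100"),
    Rule(11, ANY, "deny", "vlan200"),
    Rule(12, ANY, "deny", "vlan300"),
]

# Reverse order from the answer's last line: permit the management VLAN, deny the rest.
PERMIT_THEN_DENY = [
    Rule(10, ANY, "permit", "vlan900"),
    Rule(20, ANY, "deny", ANY),
]

def exposure(profile, vlans, method="http"):
    """List the VLANs from which `method` management access is permitted."""
    return [v for v in vlans if decide(profile, method, v) == "permit"]

VLANS = ["vlan100", "vlan200", "vlan300", "vlan900"]
NEW_VLAN = "vlan400"  # constructed: a VLAN added later with no rule of its own

if __name__ == "__main__":
    for name, profile in (("allow-then-deny", ALLOW_THEN_DENY),
                          ("permit-then-deny", PERMIT_THEN_DENY)):
        print(name, exposure(profile, VLANS + [NEW_VLAN]))
```

Both orderings give the same result for the four VLANs in the question, but under these assumptions only the permit-then-deny profile keeps a VLAN added later away from the management services without a further rule.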
Thanks for your answer and sorry for my late reply. What you described is the workaround, which I currently have in place. This works fine. However, it would be nice if I could configure the interfaces on which the management interface listens. But I guess that this is not possible...