Management Access cannot be restricted to single IP

Let me start with an overview of what I am trying to achieve. I have multiple VLANs configured on the switch with an uplink port (trunk) to a Meraki MX. I would like a single IP from subnet 7 to access the switch for management. The rest of the network should be blocked for switch management.

 

VLAN Table

| VLAN ID | VLAN Name | Type |
|---|---|---|
| 2 | Servers | Static |
| 3 | Users Printers | Static |
| 6 | Exec Admins | Static |
| 7 | Security | Static |
| 8 | IOT | Static |
| 46 | default | Default |

 

Management Access Methods - Profile Rules

| Access Profile Name | Priority | Management Method | Action | Interface | Source IP Address | Prefix Length |
|---|---|---|---|---|---|---|
| Management_Security | 1 | All | Permit | | 10.1.7.3 | 32 |
| Management_Security | 100 | All | Deny | | | |

 

I have Management_Security as the active profile, and it has the above two rules set up. Priority 1 is to allow only the source IP. Priority 100 is to block the rest of the network from managing the switch.

 

However, the rule is not effective since I am still able to reach the switch for management from any IP.

 

Any input will help.

Thank you.

1 Reply

balaji.bandi
Hall of Fame

We need more information:

1. What switch is this?

2. How did you apply the config, and on what interface?

Can you post the relevant config so we can understand where it went wrong?

 

 

BB
