06-14-2012 05:59 AM
Does anyone know how to set the management interface on an SG300 switch in Layer 3 mode? I have some VLANs configured on the switch with interfaces in each of them:
Vlan 100 (10.0.1.254 /24)
Vlan 200 (10.0.2.254 /24)
Vlan 300 (10.0.3.254 /24)
...
Vlan 900 (10.0.9.254 /24)
Now, the management interface is listening on all interfaces (IPs). But I would like to configure the switch to only listen on 10.0.9.254. Does anyone know what I need to configure or whether it is possible? Thanks for your help.
Frank
06-14-2012 07:50 AM
Hi Frank,
What you can do is create a management access policy and disable access to the web ui (or all telnet/ssh access for that matter) on the vlans you don't want to have access.
Log into the web ui, on the left hand side, click on Security, then Mgmt Access Method. First, add a profile, give it a name, and select management method all, priority 20, action permit, all interfaces. (You want to allow all, then deny some).
Second, on the left menu, choose profile rules. A rule should have been created for you with the access profile name you just created. Then create a rule to deny the vlan you want to prohibit access. Click add, give the rule a higher priority than the allow rule (I used 10), choose the mgmt methods you're seeking to prohibit (HTTP for web ui, or all...), action deny, then choose user defined for the interface, then the vlan you don't want to have access.
Then you must go back to the access profiles page from the left menu, and select the profile you just created as the active access profile and hit apply.
I guess you could do it in the reverse order, deny all, then give your management vlan permission to the web ui; that's your call.
Let me know if that's what you're looking for.
Best,
David
Please rate helpful posts.
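The two rule orderings from the reply above can be compared with a small model. This is an added example, not part of the original posts and not switch code; it assumes first-match evaluation with the lower priority number checked first (10 before 20, as in the reply) and no access when nothing matches, and VLAN 400 is a hypothetical later addition.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    priority: int               # lower number is checked first (10 beats 20)
    action: str                 # "permit" or "deny"
    method: str = "all"         # "all", "http", "ssh", "telnet", ...
    vlan: Optional[int] = None  # None means "all interfaces"

def decide(profile, method, vlan):
    """Return the action of the first rule, in priority order, that matches."""
    for rule in sorted(profile, key=lambda r: r.priority):
        if rule.method in ("all", method) and rule.vlan in (None, vlan):
            return rule.action
    return "deny"  # assumption: nothing matched means no access

def exposed_vlans(profile, vlans, method="http"):
    """VLANs from which the given management method is reachable."""
    return [v for v in vlans if decide(profile, method, v) == "permit"]

# Constructed profiles for the VLANs in the question (900 = management).
# Ordering from the reply: permit all at 20, deny each unwanted VLAN above it.
permit_then_deny = [Rule(20, "permit")] + [
    Rule(10 + i, "deny", vlan=v) for i, v in enumerate((100, 200, 300))
]
# The "reverse order" variant: permit the management VLAN, deny everything else.
deny_by_default = [Rule(10, "permit", vlan=900), Rule(20, "deny")]

if __name__ == "__main__":
    today = [100, 200, 300, 900]
    later = sorted(today + [400])  # hypothetical VLAN added after the profile
    for name, profile in (("permit-then-deny", permit_then_deny),
                          ("deny-by-default", deny_by_default)):
        print(f"{name}: today={exposed_vlans(profile, today)} "
              f"later={exposed_vlans(profile, later)}")
```

In this model the permit-then-deny profile exposes the web UI on any VLAN created after the profile was written, while the deny-by-default profile keeps it on VLAN 900 only.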
06-21-2012 08:29 AM
Hi Dave,
Thanks for your answer and sorry for my late reply. What you described is the workaround which I currently have in place. This works fine. However, it would be nice if I could configure the interfaces on which the management interface listens. But I guess that this is not possible...
Best,
Frank
06-21-2012 08:31 AM
Hi Frank,
That's the only way to do it. Once you add in the ipv4 address for the switch, it responds to the webui on that ip.
Please rate helpful posts.
Best,
David