
4500 security question

jlhainy
Level 2

I just received a Cat 4500 with IOS, not CatOS. It is currently performing layer 2 switching only. I set up telnet and found that I could only telnet to the 4500 from a device that was on the same subnet as the 4500. Although this is a great security feature, I believe it is prohibiting my CiscoWorks from being able to actively discover and manage this device. Is there a command to disable this behavior, or do I just create an ACL to permit my CiscoWorks box to telnet to the 4500?

2 Replies

paddyxdoyle
Level 6

If your CiscoWorks server is on a different network than your switch management address, you will need to add the default gateway for your switch management network to your switch:

ip default-gateway

I would also recommend (as you mentioned) adding an access-list to your VTY lines permitting CiscoWorks and admin addresses to access your switch using Telnet or SSH (if supported), and also adding an access-list to SNMP permitting only your CiscoWorks server to GET and SET SNMP information.

Thanks

Paddy
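
The three changes suggested in the reply above, written out as IOS configuration. This is an added example, not part of the original post: the gateway and admin-workstation addresses, ACL numbers 10 and 20, and the community-string placeholders are constructed for illustration, and 10.1.5.2 is the CiscoWorks address used elsewhere in this thread.

```cisco
! Added example: constructed values, not from the original post.
!   CiscoWorks server            10.1.5.2
!   admin workstation            10.1.9.25
!   gateway on the switch's
!   management subnet            10.1.20.1

! With IP routing disabled (layer 2 only), the switch needs a next hop
! so its replies to hosts on other subnets can leave the management subnet.
ip default-gateway 10.1.20.1

! ACL 10: sources allowed to open Telnet/SSH sessions to the switch.
! Anything not listed is dropped by the implicit deny at the end of the ACL.
access-list 10 permit host 10.1.5.2
access-list 10 permit host 10.1.9.25

! Apply ACL 10 to the VTY lines. Repeat for any further VTY lines that
! appear in the running configuration. Drop "ssh" from the transport
! line if the image does not support it.
line vty 0 4
 access-class 10 in
 transport input telnet ssh

! ACL 20: the only source allowed to GET and SET via SNMP.
access-list 20 permit host 10.1.5.2

! Placeholders: replace with your own community strings.
snmp-server community <RO-COMMUNITY> RO 20
snmp-server community <RW-COMMUNITY> RW 20
```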

sysjes
Level 1

If you mean to keep it an L2 device, then create an interface vlanXX (the same VLAN CiscoWorks is on) with an IP address and create an access-list applied to that interface.

CW=10.1.5.2/24&Vlan=10

! Standard ACL 45: permit only the CiscoWorks host
access-list 45 permit host 10.1.5.2

interface Vlan10

description CiscoworksMGMT

ip address 10.1.5.1 255.255.255.0

! Apply ACL 45 to traffic arriving on this interface
ip access-group 45 in

You'll have to double check my statements, they may be off a bit. I'm sure there are other ways to accomplish what you want.
