C3750 management interface

jmprats
Level 4

By default you can manage the switch using the IP address of any VLAN interface defined in the switch. How can I configure a single management interface?

Thanks

6 Replies

Jonathancert_2
Level 1

If you are referring to remote or out-of-band management, placing the applicable interface in a VRF should suffice. There are probably more options but this is my first thought. Not sure if an ACL on the line vtys would fit your need.

Jonathan,

Hi,


I would request you to put a standard access-list like the one below and apply it to the line vty so that you can access the switch only from the permitted IPs.


access-list 23 permit 10.10.10.1
access-list 23 permit 10.10.10.100
access-list 23 permit 10.10.20.59

line vty 0 4
access-class 23 in
transport input ssh


Please rate the helpful posts.
Regards,
Naidu.

cadet alain
VIP Alumni

Hi,

Just configure this:

int vlan x

ip address x.x.x.x

Then verify it is up/up with sh ip int br | i Vlan

If you are accessing the switch from a different subnet and your switch is doing L2 only, then configure a default gateway:

ip default-gateway x.x.x.x

If it is doing L3 then you must have a route to this subnet: verify with sh ip route

Regards.

Alain.

Don't forget to rate helpful posts.

jmprats
Level 4

Yes, I know I can put an access-list in the vty. But with that I can only filter the source IP (not destination IP in the router). So those IPs can connect to every L3 interface in the switch to manage it.

I want to tell the router which is its management interface and in which VLAN it is. It sounds unbelievable that Cisco doesn't allow that.

You can change your IP, but you can't change the VLAN you are in. So I think it is not secure enough to filter by source IP.

Thanks

Hi,

Why don't you configure RADIUS authentication on the vty lines? This way only people having the correct credentials will be able to log in.

Yes, I know I can put an access-list in the vty. But with that I can only filter the source IP (not destination IP in the router). So those IPs can connect to every L3 interface in the switch to manage it.

Those IPs will be src IPs, not destinations? I don't understand what you mean.

Regards.

Alain.

Don't forget to rate helpful posts.

chucktranhpb
Level 1
Level 1

You can apply ACLs to each SVI to deny telnet and SSH. It could be a pain if you have a lot but it will accomplish your goal.
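
The per-SVI ACL approach from the last reply, as an added example that is not part of the thread: a small Python generator that emits the IOS configuration for every non-management SVI, so the work does not grow with the number of VLANs. The VLAN numbers, addresses, management VLAN and ACL name are constructed assumptions; the point it shows is that the ACL has to deny SSH/Telnet to every address the switch owns, not only the address of the SVI it is applied to.

```python
"""Generate IOS ACL config that blocks SSH/Telnet to the switch on every
SVI except the management one. Added example; all values are constructed."""
import ipaddress

# Constructed sample inventory: VLAN id -> the switch's own address on that SVI.
SVIS = {10: "10.10.10.2", 20: "10.10.20.2", 30: "10.10.30.2"}
MGMT_VLAN = 10           # hypothetical management VLAN
ACL_NAME = "BLOCK-MGMT"  # hypothetical ACL name
MGMT_PORTS = (22, 23)    # SSH, Telnet


def build_acl(svis, acl_name=ACL_NAME, ports=MGMT_PORTS):
    """Deny management ports to *every* switch-owned address.

    A packet arriving on VLAN 20 can be addressed to the switch's VLAN 30
    (or VLAN 10) address, so denying only the local SVI address is not enough.
    """
    lines = [f"ip access-list extended {acl_name}"]
    for vlan in sorted(svis):
        addr = ipaddress.IPv4Address(svis[vlan])  # rejects malformed input
        for port in ports:
            lines.append(f" deny tcp any host {addr} eq {port}")
    lines.append(" permit ip any any")  # leave transit traffic alone
    return lines


def build_config(svis, mgmt_vlan):
    """Return the ACL plus an 'ip access-group ... in' for each non-mgmt SVI."""
    if mgmt_vlan not in svis:
        raise ValueError(f"management VLAN {mgmt_vlan} has no SVI")
    lines = build_acl(svis)
    for vlan in sorted(svis):
        if vlan == mgmt_vlan:
            continue  # management SVI stays reachable for SSH
        lines += [f"interface Vlan{vlan}", f" ip access-group {ACL_NAME} in"]
    return lines


if __name__ == "__main__":
    print("\n".join(build_config(SVIS, MGMT_VLAN)))
```

The management SVI is left without the ACL, so the source-IP access-class on the vty lines shown earlier in the thread still applies to sessions arriving there.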