Header Only - DO NOT REMOVE - Extreme Networks
Solved

VOSS VSP72K ACL on MgmtEthernet Port

  • 7 July 2019
  • 2 replies
  • 468 views

Userlevel 6
Is it possible to bind an Standard or Service ACL on the back-side out-of-band Management port on VSP7200 Switch ?

i try to bind a ACL but either i can bind it to an existing VLAN or to an gigabit-ethernet x/y physical port.

Is there a insider trick to bind a ACL on the interface "MgmtEthernet mgmt" ? Or is this currenly not possible ?
icon

Best answer by Ludovico Stevens 8 July 2019, 09:08

That can't be done. However, the only traffic accepted on that mgmt port is switch management traffic.
Is there any reason you cannot use the inbuilt access-policies to control what management traffic is accepted by the switch ? These will apply for any management traffic being received by the switch, either inband (via a GRT IP) or from the OOB mgmt port.
View original

2 replies

Userlevel 4
That can't be done. However, the only traffic accepted on that mgmt port is switch management traffic.
Is there any reason you cannot use the inbuilt access-policies to control what management traffic is accepted by the switch ? These will apply for any management traffic being received by the switch, either inband (via a GRT IP) or from the OOB mgmt port.
Userlevel 6
Hi Ludovico,

using access-policies is a great hint - it address my needs!

I found this document which explain the complete topic ... thanks for writing.
Management Access Security Technical Configuration Guide
https://downloads.avaya.com/css/P8/documents/101009371


BR,
Matthias

Reply