https://community.extremenetworks.com/t5/extremeswitching-vsp-fabric/restrict-management-access-to-voss-switches-using-a-firewall/m-p/121050#M3156 <P>I'd like to restrict access for management to VOSS switches using a firewall. The firewall rules will not be an issue. I'm running VOSS 8.10.x on all VOSS switches. So they have management CLIP addresses, which are separate from Source IP, and loopback addresses. I'm moving away from ACL's and access-lists, which are on the switches now.</P><P>The current code is:</P><P>mgmt clip vrf GlobalRouter<BR />ip address 10.10.10.41/32<BR />enable<BR />exit</P><P>I noticed there is a reserved vlan (4090) with the management CLIP address on it. Can I use that as part of the solution?</P><P>I've tried to find some information on this, but I guess my Google-fu is lacking.</P> Tue, 06 Jan 2026 16:59:46 GMT XTRMUser 2026-01-06T16:59:46Z https://community.extremenetworks.com/t5/extremeswitching-vsp-fabric/restrict-management-access-to-voss-switches-using-a-firewall/m-p/121050#M3156 <P>I'd like to restrict access for management to VOSS switches using a firewall. The firewall rules will not be an issue. I'm running VOSS 8.10.x on all VOSS switches. So they have management CLIP addresses, which are separate from Source IP, and loopback addresses. I'm moving away from ACL's and access-lists, which are on the switches now.</P><P>The current code is:</P><P>mgmt clip vrf GlobalRouter<BR />ip address 10.10.10.41/32<BR />enable<BR />exit</P><P>I noticed there is a reserved vlan (4090) with the management CLIP address on it. Can I use that as part of the solution?</P><P>I've tried to find some information on this, but I guess my Google-fu is lacking.</P> Tue, 06 Jan 2026 16:59:46 GMT https://community.extremenetworks.com/t5/extremeswitching-vsp-fabric/restrict-management-access-to-voss-switches-using-a-firewall/m-p/121050#M3156 XTRMUser 2026-01-06T16:59:46Z https://community.extremenetworks.com/t5/extremeswitching-vsp-fabric/restrict-management-access-to-voss-switches-using-a-firewall/m-p/121055#M3158 <P>Try access policy, example:</P><P>access-policy 2<BR />access-policy 2 network 10.100.51.0 24<BR />access-policy 2 access-strict<BR />access-policy 2 accesslevel rwa<BR />access-policy 2 ssh<BR />access-policy 2 telnet<BR />access-policy 2 snmpv3<BR />access-policy 2 ftp<BR />access-policy 2 http<BR />access-policy 2 snmp-group readgrp snmpv2c<BR />access-policy 2 snmp-group v1v2grp snmpv2c<BR />access-policy 2 enable</P> Wed, 07 Jan 2026 13:39:20 GMT https://community.extremenetworks.com/t5/extremeswitching-vsp-fabric/restrict-management-access-to-voss-switches-using-a-firewall/m-p/121055#M3158 EF 2026-01-07T13:39:20Z https://community.extremenetworks.com/t5/extremeswitching-vsp-fabric/restrict-management-access-to-voss-switches-using-a-firewall/m-p/121062#M3161 <P>I have access-policies in place, as well as filters. But to make it easier on my coworkers, who don't understand access policies and filters, but do understand firewall rules, I'm switching.</P> Wed, 07 Jan 2026 21:15:23 GMT https://community.extremenetworks.com/t5/extremeswitching-vsp-fabric/restrict-management-access-to-voss-switches-using-a-firewall/m-p/121062#M3161 XTRMUser 2026-01-07T21:15:23Z