This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

EOS Out-Of-Band Management

EOS Out-Of-Band Management

Anonymous
Not applicable

‎04-19-2016 01:00 PM

In the process of configuring / designing an Out-Of-Band management network in EOS.

Will need to make this as secure as possible so things like SNMP, SSH, Syslog, HTTPS and Netflow for / via NetSight are all done out of band on the management network only. All the switches in use are either S or K series.

My first thoughts are that I would have to do this with Policy and ACL's, but it would be preferential to use a separate VRF.

So my questions are:
  • What would the best why to ago about this in the most secure manner?
  • Perhaps there is a better method in EOS?
  • If I was to use a VRF for management (and my point in using it), is I could then just enable the management protocols on the management VRF and turn them off on the default VRF. (I don't believe its possible, but it would provide the simplest and most secure set-up, perhaps still in conjunction with policy and ACL's)
Many thanks in advance.

0 Kudos
5 REPLIES 5

Erik_Auerswald
Contributor II

‎04-20-2016 05:30 AM

Hi Martin,

I don't think you can disable SNMP, SSH, etc. in a VRF.

To lock down management access you should look into the host ACL ("ip host-access "). You can (and should) use an extended ACL, so you can allow just the interface IP you want to use for management. With a host ACL you need to consider and allow all layer 3 protocols (VRRP, OSPF, BGP, ...) you intend to use.

Erik
0 Kudos
GTM-P2G8KFN