cancel
Showing results for 
Search instead for 
Did you mean: 

ACL for Web HTTP?

ACL for Web HTTP?

ZachN
New Contributor
I am unable to find any information regarding this. I am trying to setup an ACL to restrict access to the switch ENTIRELY except for the IP for XMC. 

I am unable to figure out how to include the web http module (the EXOS webpage for configuring the switch) 

I'm also curious if this will affect the ability of our captive portal and NAC working - or should that IP be included as allowed as well? Thanks.
1 ACCEPTED SOLUTION

Gabriel_G
Extreme Employee
Hi Zach,

There is an article on this here:
https://extremeportal.force.com/ExtrArticleDetail?an=000078659

This will permit/deny access to the EXOS Web GUI itself. Note that this does not apply to SSH/Telnet/SNMP, which have access-profiles of their own, search our user guide or the knowledge base for more details there.

Regarding your XMC/NAC setup, I believe that XMC now does a lot of polling via the switch's RESTAPI, so it's a good idea to allow XMC through. Not 100% sure on NAC, but if your workflows aren't working or you're having issues with enforcing from XMC/NAC, I'd add the NAC IP as well.

View solution in original post

1 REPLY 1

Gabriel_G
Extreme Employee
Hi Zach,

There is an article on this here:
https://extremeportal.force.com/ExtrArticleDetail?an=000078659

This will permit/deny access to the EXOS Web GUI itself. Note that this does not apply to SSH/Telnet/SNMP, which have access-profiles of their own, search our user guide or the knowledge base for more details there.

Regarding your XMC/NAC setup, I believe that XMC now does a lot of polling via the switch's RESTAPI, so it's a good idea to allow XMC through. Not 100% sure on NAC, but if your workflows aren't working or you're having issues with enforcing from XMC/NAC, I'd add the NAC IP as well.
GTM-P2G8KFN