Extreme Networks

ZachN · ‎01-27-2022

I am unable to find any information regarding this. I am trying to setup an ACL to restrict access to the switch ENTIRELY except for the IP for XMC.

I am unable to figure out how to include the web http module (the EXOS webpage for configuring the switch)

I'm also curious if this will affect the ability of our captive portal and NAC working - or should that IP be included as allowed as well? Thanks.

Gabriel_G · ‎01-28-2022

Hi Zach,

There is an article on this here:
https://extremeportal.force.com/ExtrArticleDetail?an=000078659

This will permit/deny access to the EXOS Web GUI itself. Note that this does not apply to SSH/Telnet/SNMP, which have access-profiles of their own, search our user guide or the knowledge base for more details there.

Regarding your XMC/NAC setup, I believe that XMC now does a lot of polling via the switch's RESTAPI, so it's a good idea to allow XMC through. Not 100% sure on NAC, but if your workflows aren't working or you're having issues with enforcing from XMC/NAC, I'd add the NAC IP as well.

View solution in original post

Gabriel_G · ‎01-28-2022

Hi Zach,

There is an article on this here:
https://extremeportal.force.com/ExtrArticleDetail?an=000078659

This will permit/deny access to the EXOS Web GUI itself. Note that this does not apply to SSH/Telnet/SNMP, which have access-profiles of their own, search our user guide or the knowledge base for more details there.

Regarding your XMC/NAC setup, I believe that XMC now does a lot of polling via the switch's RESTAPI, so it's a good idea to allow XMC through. Not 100% sure on NAC, but if your workflows aren't working or you're having issues with enforcing from XMC/NAC, I'd add the NAC IP as well.

Extreme Networks

ACL for Web HTTP?

ACL for Web HTTP?