deny ssh access from a specific internet facing port

Rod_Robertson2
Contributor
I need to deny any SSH access (switch management) from a specific port that the internet is connected to. (Basically, I want to stop any response from the switch from a specific port.)

The Switch still needs to be ssh accessible from the internal secure network.

I already run a Switch Manage policy for SSH, Telnet and web, which are working as expected.


Frank
Contributor
If the Internet is on a different VR than your internal network, you can limit ssh to only listen on a VR - for instance "enable ssh2 vr VR-Mgmt" to only listen on the management port/vr

My memory is spotty - I would start saying "enable ssh2 vr vr-mgmt" and see if that took it off vr-default. Don't want to leave you hanging without ssh or a long console cable.

For this external switch (internet on one side, firewall on the other) we are using vr vr-default.
Though the IP address of the switch for management is on vr-mgmt.

So basically
I would disable ssh2 vr vr-default, enable ssh2 vr vr-mgmt.
That should stop the external hits we are getting for SSH.

Rod_Robertson2
Contributor
X670-48X 15.3.3.5-patch1-2

I really want to stop any response at all (banner etc.) ... other than the log

Mike_Thomas
Extreme Employee
What is the device / product type you're working with, and what firmware revision?