This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Restrict telnet access to XOS swtich

Restrict telnet access to XOS swtich

r_____________9
New Contributor

‎04-18-2014 07:26 AM

Is it possible to restrict telnet access to XOS switch through IP addresses of some VLANs.

For example, there are 4 VLANs are created on the switch but user can telnet to the switch only with ipaddress of one of the VLANs. Can it be done with access policy? or it has to be done through ACL?

Thanks!

0 Kudos
4 REPLIES 4

Paul_Russo
Extreme Employee

‎04-21-2014 10:15 AM

Good Morning Elmer

As Sumit said the access profile only works for source address. You can restrict access using a different VR but you then need to use an external FW or router to go between the VR.

The other idea would be to restrict using ACLs at the edge. ACLs restrict traffic through the switch profiles restrict traffic to the switch. So you should be able to set up an ACL to restrict a destination subnet to a range of IPs (if you use a certain host range as an example) by setting it up at the edge.

I will check with a customer of mine to see if this is what they did and will let you know

P
0 Kudos

Sumit_Tokle
Contributor

‎04-21-2014 09:05 AM

You can not use the destination address in match condition. Only source-address match is supported.

Maybe you can create the different virtual router, assign the vlan in new router and enable the telnet session for that new virtual router.
0 Kudos

r_____________9
New Contributor

‎04-20-2014 10:29 PM



Thanks, Paul. I sure that i can apply policy to restrict the access for source IP address. But what I want to confirm is to restrict the access not only for source access but also for the destination address(only one of VLAN IP address can be use for telnet or SSH, access to the others VLAN's IP address will be deny) in the policy file.



Thanks,



Elmer

0 Kudos

Paul_Russo
Extreme Employee

‎04-18-2014 09:26 AM

Good morning Elmer. Yes you can restrict telnet to the switch. Full information is in the concepts guide that you can download from extremenetworks.com under support>enter extreme support center>documentation. You create a policy file but use the access-profile command to assign it. Look on page 52 of 15.4 concepts guide and let us know if you have any questions. Thanks P
0 Kudos
GTM-P2G8KFN