07-03-2024 05:45 AM
I am segmenting the remote management of our switching, which is running a mixture of EXOS versions. The goal is to place this network management into its own security zone on our firewall where we can trigger an MFA event for an added layer of security for authentication. My question is this: Can you edit the source for SSH2, when it is enabled? Or is this bound to the management port?
I have a new IP Schema for this portion of the network and would like to lay it over all the switches and migrate to it. Is this possible?
07-03-2024 05:52 AM
First: Good Idea! 🙂
I hope I understand your question correctly...
If you use the management-port, it's so-called out-of-band management. Management Port uses its own VR and is independent from the switch. (One downside is that you have no redundancy)
You can also do in-band management using the normal ethernet-ports and normal VLANs. As a result you profit from redundancy if you have multiple uplinks on the switch.
Basically the steps would be (for in-band mgmt):
You can also work with SSH-Profiles to further limit the access, but since you have a firewall in place, this shouldn't be necessary.
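An added example of what the in-band approach described above can look like on EXOS; this is not the answerer's own configuration and was not part of the original post. The VLAN name, tag, ports, addresses and policy name are placeholders, and the command syntax is from my recollection of the EXOS CLI, so check each line against the Command Reference for every EXOS version in the mixed estate before use:

```exos
# Added example (not from the thread): move switch management from the
# out-of-band management port (VR-Mgmt) to an in-band management VLAN that
# sits behind the firewall's management zone.  All names/addresses are
# placeholders; verify syntax against your EXOS version's Command Reference.

# 1. Dedicated management VLAN carried over the normal uplinks (in VR-Default),
#    so the switch keeps reachability if one uplink fails.
create vlan "MgmtZone" tag 910
configure vlan "MgmtZone" add ports 49,50 tagged
configure vlan "MgmtZone" ipaddress 10.91.0.21/24
configure iproute add default 10.91.0.1 vr VR-Default

# 2. Bind SSH2 to the VR that carries the management VLAN.  The SSH listener
#    is tied to a virtual router, not to a single physical port: a VR other
#    than VR-Mgmt makes in-band management possible.
enable ssh2 vr VR-Default

# 3. Optional defence in depth: an access-profile (policy file MgmtSSH.pol)
#    that only admits the firewall-side management subnet.  The firewall in
#    the thread already enforces this, so it is belt-and-braces.
#
#    entry allow-mgmt-subnet {
#        if match all { source-address 10.91.0.0/24; }
#        then { permit; }
#    }
#    entry deny-everything-else {
#        if { }
#        then { deny; }
#    }
configure ssh2 access-profile MgmtSSH

# 4. Confirm before cutting over the old address: the session should now be
#    reachable only via the new VLAN address from inside the management zone.
show ssh2
show vlan "MgmtZone"
```

Migrate one switch at a time while the old management address is still reachable, verify an SSH session from the new management zone (through the firewall's MFA step) succeeds, and only then retire the old address on that switch.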
07-08-2024 05:44 AM
Hi,
I think when you enable SSH2 on your switches, it is usually tied to the management interface or VLAN used for remote management. You can't modify the actual SSH2 source code; instead, you configure SSH settings through the switch's management interface. It is possible to transition to a new IP scheme for your management network by updating IP configurations on each switch, ensuring consistent access and security policies throughout your network.
Thanks
07-06-2024 02:55 AM
Interesting. So, the source for SSH is bundled all together with the Management interface and the vrf that contains it. I will give it a try. Thank you for your response.