SSH2 source selection

vandermause
New Contributor III

I am segmenting the remote management of our switching, which is running a mixture of EXOS versions. The goal is to place this network management into its own security zone on our firewall where we can trigger an MFA event for an added layer of security for authentication. My question is this: Can you edit the source for SSH2, when it is enabled? Or is this bound to the management port?

I have a new IP Schema for this portion of the network and would like to lay it over all the switches and migrate to it.  Is this possible?

1 ACCEPTED SOLUTION

Stefan_K_
Valued Contributor

First: Good Idea! 🙂 

I hope I understand your question correctly...

If you use the management port, it's so-called out-of-band management. The management port uses its own VR and is independent from the switch. (One downside is that you have no redundancy.)
You can also do in-band management using the normal Ethernet ports and normal VLANs. As a result you profit from redundancy if you have multiple uplinks on the switch.

Basically the steps would be (for in-band mgmt):

  • Create new VLAN
  • Assign IP Address to said VLAN
  • Tag it on the uplinks and to your firewalls
  • Test access to new IP
  • Remove IP-Address from currently used VLAN for mgmt

You can also work with SSH profiles to further limit the access, but since you have a firewall in place, this shouldn't be necessary.

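The five in-band steps above, written out as the EXOS CLI sequence they imply. This is an added example, not commands from the original post or from Extreme's documentation: the VLAN names (Mgmt-New, Mgmt-Old), tag 200, uplink ports 49-50 and the 10.200.0.0/24 addressing are constructed placeholders, and the `enable ssh2 vr` line rests on the assumption that SSH2 on EXOS listens per virtual router, which should be checked with `show ssh2` and the CLI reference for each EXOS release in the mix.

```exos
# Added example (not from the post): in-band management migration on EXOS.
# Names, tag, ports and addresses are constructed placeholders.

# 1. Create the new management VLAN and give it a tag.
create vlan Mgmt-New
configure vlan Mgmt-New tag 200

# 2. Assign the switch's new management address to that VLAN.
configure vlan Mgmt-New ipaddress 10.200.0.11/24

# 3. Carry the VLAN tagged across the uplinks towards the firewall
#    (ports 49-50 are assumed to be the uplinks).
configure vlan Mgmt-New add ports 49-50 tagged

# Default route in VR-Default so replies to the management zone leave
# via the new gateway (skip if a suitable route already exists).
configure iproute add default 10.200.0.1

# 4. Test before cutting over: reachability from the switch, then an SSH
#    session to 10.200.0.11 from a host in the new management zone.
show vlan Mgmt-New
ping 10.200.0.1
show ssh2

# Assumption: SSH2 is enabled per virtual router, so in-band access
# needs it on VR-Default (the management port lives in VR-Mgmt).
enable ssh2 vr VR-Default

# 5. Only after the new address is confirmed working, remove the old one.
unconfigure vlan Mgmt-Old ipaddress

save configuration
```

Run this one switch at a time and keep the old path (or a console session) open until step 4 succeeds; step 5 is the actual cutover, and the firewall rule that allows TCP/22 into the switches from the MFA-gated zone is what limits who can reach the new address.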

3 REPLIES

selenaadone
New Contributor II

Hi,

I think when you enable SSH2 on your switches it is usually tied to the management interface or VLAN used for remote management. You can't modify the actual SSH2 source code; instead, you configure SSH settings through the switch's management interface. It is possible to transition to a new IP scheme for your management network by updating the IP configuration on each switch, ensuring consistent access and security policies throughout your network.
Thanks



Interesting. So, the source for SSH is bundled all together with the management interface and the VRF that contains it. I will give it a try. Thank you for your response.
