Apply an ACL to the Management VRF
Hi, is it possible to apply an ACL to the management plane on an S5248F? We have moved the management interface into the management VRF, as well as the SNMP servers. I have tried the ip access-class on line vty and it still lets all IPs log on to the switch.
TIA
Rich
DELL-Charles R
Moderator
March 19th, 2024 14:20
Hello,
VTY ACLs are used only to block the source IP hosts which connect through SSH or telnet to the device management IP.
You cannot use these ACLs with any other qualifiers such as UDP or TCP port, destination IP, ICMP, and so on.
There is no implicit deny rule, so you need to add a deny rule at the end.
Here are instructions on how to configure a Management ACL to block management access on OS10 switches:
https://dell.to/490SkE3
The VTY ACL configuration syntax does not need to change for the management VRF; however, please check if any of these need to be changed:
Configure the SSH server to be reachable on the management VRF using the ip ssh server vrf command.
OS10(config)# ip ssh server vrf management
To allow Telnet TCP/IP connections to an OS10 switch, enable the Telnet server.
OS10(config)# ip telnet server vrf management
Configures an SNMP agent to receive SNMP traps for the management VRF instance.
OS10(config)# snmp-server vrf management
RichMBC
March 20th, 2024 14:30
Thank you @DELL-Charles R
The ACL required the deny at the end.
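Added example, not part of the thread and not Dell code: a small Python check that reads a saved running-config and reports whether the ACL applied with ip access-class under line vty ends in an explicit catch-all deny, which is the fix confirmed above. The running-config layout (optional "seq N" prefixes, indented rules), the ACL names and the addresses are constructed assumptions.

```python
import re

# Constructed sample in the style of an OS10 running-config (not from the thread).
SAMPLE_CONFIG = """\
ip access-list MGMT-OPEN
 seq 10 permit ip 192.0.2.0/24 any
!
ip access-list MGMT-LOCKED
 seq 10 permit ip 192.0.2.0/24 any
 seq 20 deny ip any any
!
line vty
 ip access-class MGMT-LOCKED
"""

# Assumed rule layout: optional "seq N", then permit/deny and the match text.
RULE = re.compile(r"^(?:seq\s+\d+\s+)?(permit|deny)\s+(.+)$")
CATCH_ALL = re.compile(r"^ip\s+any\s+any(\s|$)")

def parse(config):
    """Return ({acl_name: [(action, match), ...]}, [ACL names applied to line vty])."""
    acls, vty, section = {}, [], ""
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):          # a top-level line opens a new section
            section = line
            if line.startswith("ip access-list "):
                acls.setdefault(line.split()[2], [])
        elif section.startswith("ip access-list "):
            rule = RULE.match(line)
            if rule:                         # rules are kept in the order listed
                acls[section.split()[2]].append(rule.groups())
        elif section == "line vty" and line.startswith("ip access-class "):
            vty.append(line.split()[2])
    return acls, vty

def audit(config):
    """Map each ACL applied to line vty to 'ok', 'missing-deny' or 'undefined'."""
    acls, vty = parse(config)
    result = {}
    for name in vty:
        rules = acls.get(name)
        if rules is None:
            result[name] = "undefined"       # access-class names an ACL that does not exist
        elif rules and rules[-1][0] == "deny" and CATCH_ALL.match(rules[-1][1]):
            result[name] = "ok"              # last rule is an explicit deny of everything
        else:
            result[name] = "missing-deny"    # permit-only ACL: nothing is blocked
    return result
```

Calling audit() on the text of a saved running-config returns a dictionary keyed by ACL name; any value other than 'ok' means the VTY restriction is not doing what was intended.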