March 19th, 2024 08:29

Apply an ACL to the Management VRF

Hi, is it possible to apply an ACL to the management plane on an S5248F? We have moved the management interface into the management VRF as well as the SNMP servers. I have tried the ip access-class on line vty and it still lets all IPs log on to the switch.

TIA

Rich

Moderator

March 19th, 2024 14:20

Hello,

 

VTY ACLs are used only to block the source IP hosts which connect through SSH or telnet to the device management IP.

 

You cannot use these ACLs with any other qualifiers such as UDP or TCP port, destination IP, ICMP, and so on.

 

There is no implicit deny rule, so you need to add a deny rule at the end.

 

Here are instructions on how to configure a Management ACL to block management access on OS10 switches:

https://dell.to/490SkE3

 

The VTY ACL configuration syntax does not need to change for the management VRF; however, please check if any of these need to be changed:

 

Configure the SSH server to be reachable on the management VRF using the ip ssh server vrf command.

 

OS10(config)# ip ssh server vrf management

To allow Telnet TCP/IP connections to an OS10 switch, enable the Telnet server.

OS10(config)# ip telnet server vrf management

Configures an SNMP agent to receive SNMP traps for the management VRF instance.

OS10(config)# snmp-server vrf management

March 20th, 2024 14:30

Thank you @DELL-Charles R

The ACL required the deny at the end.
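
The behaviour that resolved this thread (a VTY ACL with no implicit deny admits any source that matches no rule) can be checked offline before a change is pushed. The following is an added example, not code from the thread or from Dell: the configuration text and the ACL name MGMT-VTY are constructed samples in the style of an OS10 running-config, and the evaluator assumes first-match ordering with unmatched sources allowed, as the moderator's answer states.

```python
import ipaddress

# Constructed sample in the style of an OS10 running-config (not from the thread).
SAMPLE_CONFIG = """\
ip access-list MGMT-VTY
 seq 10 permit ip 10.20.30.0/24 any
 seq 20 permit ip host 192.0.2.15 any
line vty
 ip access-class MGMT-VTY
"""
# Same ACL with the explicit deny appended as the last rule.
HARDENED_CONFIG = SAMPLE_CONFIG.replace("line vty", " seq 30 deny ip any any\nline vty")

def parse_acl(config, name):
    """Return [(action, source_network)] for the named ACL, ordered by sequence number."""
    rules, inside = [], False
    for line in config.splitlines():
        if not line.startswith(" "):
            # A top-level line opens or closes the ACL block we care about.
            inside = line.split() == ["ip", "access-list", name]
            continue
        tok = line.split()
        if not inside or len(tok) < 5 or tok[0] != "seq":
            continue
        src = tok[4]
        if src == "any":
            net = ipaddress.ip_network("0.0.0.0/0")
        elif src == "host":
            net = ipaddress.ip_network(tok[5] + "/32")
        else:
            net = ipaddress.ip_network(src)
        rules.append((int(tok[1]), tok[2], net))
    return [(action, net) for _, action, net in sorted(rules, key=lambda r: r[0])]

def vty_allows(rules, source_ip):
    """First match wins; with no implicit deny, an unmatched source is allowed."""
    addr = ipaddress.ip_address(source_ip)
    for action, net in rules:
        if addr in net:
            return action == "permit"
    return True

def has_final_deny(rules):
    """True when the last rule denies every source address."""
    return bool(rules) and rules[-1] == ("deny", ipaddress.ip_network("0.0.0.0/0"))

if __name__ == "__main__":
    for label, cfg in (("before", SAMPLE_CONFIG), ("after", HARDENED_CONFIG)):
        rules = parse_acl(cfg, "MGMT-VTY")
        print(label, "final deny:", has_final_deny(rules),
              "198.51.100.7 allowed:", vty_allows(rules, "198.51.100.7"))
```

Running `has_final_deny` over the ACL bound to `line vty` in a saved configuration catches the condition described in the original question before it reaches a switch.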
