I have an NE1032 running CNOS 10.10.2.0 and configured for SNMP, and SNMP is working fine.
Currently SNMP is available on any VLAN interface from any source. I'm trying to restrict SNMP access with a simple IPv4 ACL but haven't managed to get this working.
From the 10.10 application guide I believe the correct configuration would be like below.
https://systemx.lenovofiles.com/help/topic/com.lenovo.thinksystem.ne1032.doc/CNOS_AG_10-10.pdf
Switch(config)# line vty vrf default
Switch(config-vrf-vti)# ip access-class MANAGEMENT in
IP access list MANAGEMENT
10 permit ip host 192.168.1.1 any
20 permit ip 192.168.0.0/16 any
But when I applied this to my switch I didn't get any change in behaviour; I could still SSH and SNMP to the switch.
Even after creating a deny statement at the top of the ACL and specifying my server IP, I could still access the switch.
I confirmed the particular VLAN interface I was testing belongs to the default VRF:
CP-OP-RSP-SW02(config)#show vrf
Maximum number of vrfs allowed: 65
VRF default, FIB ID 0
Router ID: 192.168.99.2 (automatic)
RD 0:0
Interfaces:
Vlan1
Vlan55
Vlan57
Vlan58
Vlan59
Vlan60
Vlan62
Vlan98
Vlan99
Vlan502
Vlan506
loopback0
po1
Ethernet1/1
Ethernet1/2
I assume I have overlooked something but am struggling to find it. Can anyone please give me some assistance on this?