
A-Series: Isolate Switch Management Traffic in L3 Environment

Manfred M.
Advisor

Hi!

We have several A5800-48G Switches in an IRF Configuration and want to isolate the Management Traffic to the Switches using a separate VLAN routed via the Firewall. As the A5800 has several Virtual Interfaces with IP Addresses, the switch management can be reached in those VLANs which should not be allowed.

Questions: Must we use ACLs to achieve this or is there an 'easier' possibility? How could we isolate the traffic using ACLs in an easy way (we normally don't want ACLs on routing switches...)?

Any ideas?

With regards
Manfred
1 REPLY
Fredrik Lönnman
Honored Contributor

Re: A-Series: Isolate Switch Management Traffic in L3 Environment

I don't know about easier, but if you want really separated management interfaces you could put them in their own VRF (called vpn-instance on the 5800).

 

---
CCIE Service Provider
MASE Network Infrastructure [2011]
H3CSE
CCNP R&S
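
An added example, not part of either post: a small audit script that reads a saved switch configuration and lists the IP addresses on interfaces that are not bound to the management vpn-instance, which are the addresses the question is concerned about. The sample configuration is constructed in Comware 5 style; the vpn-instance name `mgmt`, the VLAN IDs and the addresses are assumptions.

```python
import re

# Constructed sample in Comware 5 style; names, VLAN IDs and addresses are made up.
SAMPLE_CONFIG = """\
ip vpn-instance mgmt
 route-distinguisher 65000:1
#
interface Vlan-interface10
 ip address 10.0.10.1 255.255.255.0
#
interface Vlan-interface20
 ip address 10.0.20.1 255.255.255.0
#
interface Vlan-interface99
 ip binding vpn-instance mgmt
 ip address 192.0.2.10 255.255.255.0
#
interface Vlan-interface30
#
"""

def l3_interfaces(config):
    """Return {interface: {"vrf": name or None, "addresses": [ip, ...]}}."""
    result, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            result[current] = {"vrf": None, "addresses": []}
        elif not line.startswith(" "):
            current = None            # '#' or any other top-level line ends the stanza
        elif current:
            m = re.match(r"\s+ip binding vpn-instance (\S+)", line)
            if m:
                result[current]["vrf"] = m.group(1)
            m = re.match(r"\s+ip address (\d+\.\d+\.\d+\.\d+) ", line)
            if m:
                result[current]["addresses"].append(m.group(1))
    # Interfaces without an address are layer 2 only and are left out.
    return {k: v for k, v in result.items() if v["addresses"]}

def outside_mgmt_vrf(config, mgmt_vrf="mgmt"):
    """Addresses on interfaces not bound to the management vpn-instance."""
    return sorted((name, ip)
                  for name, info in l3_interfaces(config).items()
                  if info["vrf"] != mgmt_vrf
                  for ip in info["addresses"])

if __name__ == "__main__":
    for name, ip in outside_mgmt_vrf(SAMPLE_CONFIG):
        print(f"{name}: {ip} is not in the management vpn-instance")
```

Each address it reports is a candidate for an ACL or for review, depending on which approach from the thread is chosen.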