HPE Community
Comware Based
1753937 Members
9450 Online
108811 Solutions
New Discussion

Control plane protection: firewalling, limiting telnet/ssh on certain ips etc

 
Openminds
Occasional Contributor

‎09-26-2012 02:06 PM

‎09-26-2012 02:06 PM

Control plane protection: firewalling, limiting telnet/ssh on certain ips etc

Hi,

 

I have two questions, both related to protecting the control plane.

 

1) Is there an easy way to ACL or firewall the ACL? Eg. on Juniper boxes, all control plane access goes via Loopback0, so any packet filter rule on loopback0, applies to all controlplane access, no matter what ip they used to access it. Do the comware switches (and the A5500-EI in particular) have this feature?

 

2) telnet server enable: is there a way to have telnet/ssh listen only on certain ips instead of all ips on the switch? If there is no answer for question 1, limiting it to a particular ip or interface, would be the easiest way to build a firewall rule for it.

 

Regards,

 

Frank

0 Kudos
1 REPLY 1
manuel.bitzi
Trusted Contributor

‎10-02-2012 06:30 AM

‎10-02-2012 06:30 AM

Re: Control plane protection: firewalling, limiting telnet/ssh on certain ips etc

Hi

 

you can create ACLs (Source, Destinatioin, TCP/UDP-Port, etc) and assign it to all management features (like Telnet, SSH, SNMP, LACP, OSPF, etc)

 

What do you need exactly?

 

br

Manuel

H3CSE, MASE Network Infrastructure [2011], Switzerland
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.