
Control plane protection: firewalling, limiting telnet/ssh on certain ips etc

Openminds
Occasional Contributor


Hi,

I have two questions, both related to protecting the control plane.

1) Is there an easy way to ACL or firewall the ACL? E.g. on Juniper boxes, all control plane access goes via Loopback0, so any packet filter rule on loopback0 applies to all control plane access, no matter what IP they used to access it. Do the Comware switches (and the A5500-EI in particular) have this feature?

2) telnet server enable: is there a way to have telnet/ssh listen only on certain IPs instead of all IPs on the switch? If there is no answer for question 1, limiting it to a particular IP or interface would be the easiest way to build a firewall rule for it.

Regards,

Frank

1 REPLY
manuel.bitzi
Trusted Contributor

Re: Control plane protection: firewalling, limiting telnet/ssh on certain ips etc

Hi

You can create ACLs (source, destination, TCP/UDP port, etc.) and assign them to all management features (like Telnet, SSH, SNMP, LACP, OSPF, etc.).

What do you need exactly?

br

Manuel

H3CSE, MASE Network Infrastructure [2011], Switzerland
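
The ACL-per-management-service approach from the reply, sketched as an added example that is not part of either post: it restricts VTY (Telnet/SSH) logins and SNMP to one management subnet. It assumes Comware 5 command syntax; ACL number 2000, the subnet 192.0.2.0/24 and the community name are constructed placeholders, so check the commands against the command reference for your software release.

```comware
# Constructed example: 192.0.2.0/24 stands in for the management subnet.
system-view
# Basic ACL: only the management subnet matches, everything else is denied.
acl number 2000
 rule 0 permit source 192.0.2.0 0.0.0.255
 rule 5 deny
 quit
# Bind the ACL to every VTY line so it filters Telnet and SSH logins
# no matter which of the switch's IP addresses the client connected to.
user-interface vty 0 15
 acl 2000 inbound
 quit
# Turn the Telnet service off and leave SSH as the only remote CLI.
undo telnet server enable
ssh server enable
# Restrict SNMP to the same sources (community name is a placeholder).
snmp-agent community read EXAMPLE-COMMUNITY acl 2000
```

Apply this from a console session or from a host inside the permitted subnet, since the VTY ACL takes effect for new logins from any other source.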