11-17-2011 08:26 AM
Have a controller that is sitting on a network for public guest access. It must sit on this network because there is a route back to a remote office for management purposes. My dilemma comes in two parts which I'm pretty sure can be solved via f/w policies; I just need to know the right ones.
First, I need to block access to the Controller and AMP server that are sitting on this network and limit them to only a couple IPs that are allowed to access them.
Second, I need to block dhcp requests for anything plugged into the wired ports on the switch that is connected to the controller.
11-17-2011 12:41 PM
First - you need to create an ACL that allows the required ports/protocols for management (http, https, tcp/4343, SSH, SNMP, etc) from the management IPs. Once you have the ACL defined, add it to the physical (gig 1/0, for instance) port on the controller that attaches to your network. This won't help AMP, though. You will have to add ACLs to some other device to protect it.
Second, do you need the ports up? Can you just shut them down in the config? If not, you will have to create an ACL that denies DHCP and then permits everything else and apply it to those ports.
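Added example (not from either poster): the two ACLs described in the reply, written in ArubaOS session-ACL syntax, since the port numbers mentioned (tcp/4343, gig 1/0) point at an Aruba controller. Everything below is assumed for illustration and should be checked against your controller's CLI reference: the management hosts 10.10.0.5 and 10.10.0.6, the controller's own address 192.0.2.10, the port numbers gigabitethernet 1/0 (uplink) and 1/1 (wired ports to be DHCP-blocked), and the names of the netdestination, netservice and ACLs. Session ACLs are first-match, so each list permits management from the allowed hosts, denies the same services from everyone else, and then permits all other traffic so APs and guest users keep working.

```text
! Assumed management hosts (constructed addresses)
netdestination mgmt-hosts
  host 10.10.0.5
  host 10.10.0.6
!
! The controller web UI listens on tcp/4343; built-in svc-https only covers tcp/443
netservice svc-ctrl-ui tcp 4343
!
! Part 1: management services on the controller (assumed address 192.0.2.10)
! are reachable only from mgmt-hosts; all other traffic is left alone.
ip access-list session restrict-ctrl-mgmt
  alias mgmt-hosts host 192.0.2.10 svc-ssh     permit
  alias mgmt-hosts host 192.0.2.10 svc-https   permit
  alias mgmt-hosts host 192.0.2.10 svc-ctrl-ui permit
  alias mgmt-hosts host 192.0.2.10 svc-snmp    permit
  any              host 192.0.2.10 svc-ssh     deny
  any              host 192.0.2.10 svc-https   deny
  any              host 192.0.2.10 svc-ctrl-ui deny
  any              host 192.0.2.10 svc-snmp    deny
  any any any permit
!
interface gigabitethernet 1/0
  ip access-group restrict-ctrl-mgmt session
!
! Part 2: no DHCP (svc-dhcp = udp 67/68) on the wired ports, everything else passes.
ip access-list session deny-dhcp
  any any svc-dhcp deny
  any any any permit
!
interface gigabitethernet 1/1
  ip access-group deny-dhcp session
```

Two practical checks before relying on this: first, apply the management ACL from a session sourced at one of the allowed hosts, so you are not locked out if a rule is wrong, and confirm with `show rights` / `show datapath session` that sessions from a non-listed host are being dropped. Second, as the reply notes, the controller's port ACL does nothing for the AMP server; the same allow-list logic has to live on whatever switch or firewall sits in front of it, and if the wired ports belong to a switch from another vendor, the DHCP filter translates directly to a two-rule ACL that denies udp/67 and udp/68 and then permits everything else.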