Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

How to deny management access to 620 controller without firewall license?

  • 1.  How to deny management access to 620 controller without firewall license?

    Posted Feb 03, 2015 08:24 AM

    Hello!

    How to deny management access to 620 controller without firewall license?

    I want to allow management access only from a few IP addresses.

    Thank you!



  • 2.  RE: How to deny management access to 620 controller without firewall license?

    EMPLOYEE
    Posted Feb 03, 2015 08:26 AM
    Use an extended ACL on the uplink. 


    Thanks, 
    Tim


  • 3.  RE: How to deny management access to 620 controller without firewall license?
    Best Answer

    EMPLOYEE
    Posted Feb 03, 2015 10:10 AM

    opali@muk.ua wrote:

    Hello!

    How to deny management access to 620 controller without firewall license?

    I want to allow management access only from a few IP addresses.

    Thank you!


    opali@muk.ua,

    You can use the firewall whitelist under Configuration > Advanced Services > Stateful Firewall > ACL whitelist. The ACL whitelist is a list of management traffic that is allowed to hit the controller. The controller is managed using HTTPS on TCP 4343, so if I wanted to block web management traffic from the 192.168.1.0 network, I would click on ADD and do this:

    [image: acl-deny.png]

    [image: acl2.png]

    Protocol Number 6 is TCP and of course port 4343 is the web management traffic.  If you click on Done then Apply, it will block web traffic.  YOU SHOULD BE VERY CAREFUL WITH THIS, OR MAKE SURE YOU ARE NEAR THE CONTROLLER WITH A CONSOLE CABLE JUST IN CASE YOU MAKE A MISTAKE THAT WILL LOCK YOU OUT OF THE MANAGEMENT WEB PAGE.

    I locked myself out of the management web page using this example, so I had to SSH into the controller and remove the ACL that I created like this:

    config t
    firewall cp no ipv4 deny 192.168.1.0 255.255.255.0 proto "6" ports 4343 4343
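A whitelist that matches what the original question asked for (management reachable from a few addresses only), given here as an added example rather than as text from the thread: it uses the same `firewall cp` / `ipv4 ... proto 6 ports 4343 4343` syntax shown above, and it assumes that `any` is accepted as the source, that `!` lines are ignored when pasted, and that the entries are evaluated top-down; 10.0.0.0/24 and 10.0.1.5 are placeholder management addresses.

```text
configure terminal
firewall cp
  ! placeholder management subnet: web UI (TCP 4343) and SSH (TCP 22)
  ipv4 permit 10.0.0.0 255.255.255.0 proto 6 ports 4343 4343
  ipv4 permit 10.0.0.0 255.255.255.0 proto 6 ports 22 22
  ! placeholder single admin workstation
  ipv4 permit 10.0.1.5 255.255.255.255 proto 6 ports 4343 4343
  ipv4 permit 10.0.1.5 255.255.255.255 proto 6 ports 22 22
  ! every other source is refused on the two management ports
  ipv4 deny any proto 6 ports 4343 4343
  ipv4 deny any proto 6 ports 22 22
exit
write memory
```

Enter the permit lines for the station you are currently logged in from first and confirm them with `show firewall-cp` before adding the deny lines, so a mistake cannot cut off the session you would need to undo it.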