Restrict Management Access
03-07-2018 02:55 AM
We have a 3810M switch stack. I am looking to restrict the management access.
2 main issues I currently have:
- Although we have a Management VLAN for the stack (and other switch stacks around the company), because IP Routing is enabled on this switch stack and each VLAN has an IP address, you can currently manage the switches on those VLAN IPs. I want to disable access (SSH and HTTPS) to just the Management VLAN IP.
- For the web interface, to make any changes, you obviously need to log in; however, I don't like the fact that you can see tons of read-only information, including various config aspects, with no login. Is there a way to require login to get even read-only info on the web interface?
Many Thanks in advance,
Re: Restrict Management Access
03-07-2018 04:53 AM
Never mind, I think I worked it all out.
1) I hadn't actually configured the Management VLAN as a management VLAN. I believe this would stop routing of that VLAN which currently I don't want to do as I don't have a dedicated device I can stick on the management VLAN. So, there's no actual point in trying to restrict which IPs you can access the management interface on if you aren't going to restrict which source IPs can access. I've found you can use the "IP Authorized-Managers" commands for that.
2) I hadn't configured an "operator" password, just a manager one. As soon as I created the operator one, it restricted the web interface straight away to requiring a logon.
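As an added example (not part of the original posts and not vendor code), the following script parses `ip authorized-managers` lines from a saved running-config and reports which source addresses would be granted management access for a given service. The sample config and its addresses are constructed, and the matching rule (source AND mask equals entry AND mask, with `access-method` limiting an entry to one service) is modelled as an assumption to confirm against the Access Security Guide for your firmware.

```python
import ipaddress

# Constructed running-config excerpt; all addresses are placeholders.
SAMPLE_CONFIG = """\
ip routing
ip authorized-managers 10.0.99.0 255.255.255.0 access manager access-method ssh
ip authorized-managers 10.0.99.0 255.255.255.0 access manager access-method web
ip authorized-managers 10.0.99.50 255.255.255.255 access operator
"""

def parse_authorized_managers(config):
    """Extract 'ip authorized-managers' entries from running-config text."""
    entries = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[:2] != ["ip", "authorized-managers"]:
            continue
        rest, mask = tok[3:], "255.255.255.255"   # mask defaults to a single host
        if rest and rest[0][0].isdigit():
            mask, rest = rest[0], rest[1:]
        entry = {"ip": int(ipaddress.IPv4Address(tok[2])),
                 "mask": int(ipaddress.IPv4Address(mask)),
                 "access": "manager", "method": "all"}   # defaults when omitted
        for key, field in (("access", "access"), ("access-method", "method")):
            if key in rest[:-1]:
                entry[field] = rest[rest.index(key) + 1]
        entries.append(entry)
    return entries

def access_level(entries, src, method):
    """Level granted to source IP `src` for `method` (ssh, web, ...), or None."""
    if not entries:
        return "unrestricted"   # no list configured: any source may connect
    s = int(ipaddress.IPv4Address(src))
    levels = {e["access"] for e in entries
              if e["method"] in ("all", method)
              and (s & e["mask"]) == (e["ip"] & e["mask"])}
    return "manager" if "manager" in levels else ("operator" if levels else None)

if __name__ == "__main__":
    rules = parse_authorized_managers(SAMPLE_CONFIG)
    for src, method in [("10.0.99.7", "ssh"), ("10.0.20.15", "web"), ("10.0.99.50", "snmp")]:
        print(src, method, access_level(rules, src, method))
```

Running it against the config of each stack shows quickly whether a user VLAN address still reaches SSH or the web interface, and an empty list is reported as `unrestricted`.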