1. Home
2. Questions
3. Unanswered
4. AI Assist
5. Tags
7. Chat
8. Users
10. Companies
Stack Internal

Stack Overflow for Teams is now called Stack Internal. Bring the best of human thought and AI automation together at your work.
Try for free Learn more
Stack Internal
Bring the best of human thought and AI automation together at your work. Learn more

Return to Answer

Post Timeline

corrected formatting detail

Source Link

edited Aug 25, 2014 at 12:44

Gerben

4.7k
22
32

This is normal behavior for a layer 3 switch, management traffic can be sent to any active Switch Virtual Interface (SVI). If you only want to allow management traffic from a specific vlan/subnet, you could set up ACLs.

A layer 2 switch can be assigned a management IP address, attached to one vlan, called the management vlan. It will only be reachable inside this vlan.

In the case of the SF300, I believe you have to define a management ACL instead of a normal IP ACL if you want to filter management traffic into the switch. Use the management access-list command , and then apply the ACL using management access-class.

This is normal behavior for a layer 3 switch, management traffic can be sent to any active Switch Virtual Interface (SVI). If you only want to allow management traffic from a specific vlan/subnet, you could set up ACLs.

A layer 2 switch can be assigned a management IP address, attached to one vlan, called the management vlan. It will only be reachable inside this vlan.

In the case of the SF300, I believe you have to define a management ACL instead of a normal IP ACL if you want to filter management traffic into the switch. Use the management access-list command , and then apply the ACL using management access-class.

This is normal behavior for a layer 3 switch, management traffic can be sent to any active Switch Virtual Interface (SVI). If you only want to allow management traffic from a specific vlan/subnet, you could set up ACLs.

A layer 2 switch can be assigned a management IP address, attached to one vlan, called the management vlan. It will only be reachable inside this vlan.

In the case of the SF300, I believe you have to define a management ACL instead of a normal IP ACL if you want to filter management traffic into the switch. Use the management access-list command, and then apply the ACL using management access-class.

Source Link

answered Aug 24, 2014 at 22:42

Gerben

4.7k
22
32

This is normal behavior for a layer 3 switch, management traffic can be sent to any active Switch Virtual Interface (SVI). If you only want to allow management traffic from a specific vlan/subnet, you could set up ACLs.

A layer 2 switch can be assigned a management IP address, attached to one vlan, called the management vlan. It will only be reachable inside this vlan.

In the case of the SF300, I believe you have to define a management ACL instead of a normal IP ACL if you want to filter management traffic into the switch. Use the management access-list command , and then apply the ACL using management access-class.