I have a PC5524 (Powerconnect 5524) switch on an active production network. I have a management VPN gateway to give administrative hosts access to the switch's HTTPS and SSH management interfaces on a private IP address bound to a VLAN. I have ensured this connectivity is enabled. The previous switch configuration has bound a public routable IP address to the same VLAN, which allows any host on the public Internet to connect to both management interfaces. I would like to disable the public IP address, though I need to ensure the switch does not require a reboot when I delete the public IP and default route.
Here is my current config (SW version 4.0.1.11 (date 16-Oct-2011 time 18:10:50))
interface vlan 1
ip address 192.168.y.y 255.255.y.y
ip address x.x.x.x 255.255.255.128
ip route 0.0.0.0 0.0.0.0 x.x.x.254
I would like to issue the following command to disable management on the x.x.x.x interface, which is publicly routable.
no ip route 0.0.0.0 0.0.0.0 x.x.x.254
no ip address x.x.x.129 255.255.255.128
If I do this, I must ensure the following
- The second 192.168.x.x IP address will continue to allow management connections
- There will be no loss of connectivity after I delete the ip route x.x.x.254 and ip address x.x.x.129
I found little documentation on this subject. I also found some suspect information about enabling/disabling management services (telnet, SSH) requiring a reboot. I quote
That command should disable http access to the switch. I would try saving the config and rebooting the switch, then test again.
I have tried both configuring a MACL and an ACL to deny access to TCP ports 22 and 443 on the public IP but these options are not functional with my firmware version.
Help would be appreciated since I cannot have network downtime and I have no test environment to duplicate this configuration.
Thanks,
Lee
