Hi,
I have a lot of VLANs, and my 7024 switch is routing. Each of these VLANs has a configured IP address that acts as the gateway IP in its network.
I can access the web server and console on every network at these IP addresses. How can I stop that?
I've tried setting a management ACL so that HTTPS and SSH can only be accessed from defined IP addresses in a specific VLAN. But all of my VLANs are trunked through the uplink ports (my workstation connects through a PC2848 with a specific tagged VLAN, and this switch serves 4 VLANs that are trunked through an SFP uplink to the 7024), and I get a lot of hits on the MACL:
MACL Trace: Mismatch on rule 1. Rule interface vlan2, ingress interface vlan102.
MACL Trace: Packet does not pass MACL => drop (true violation).
Number of packets denied by management ACLs = 1076629
When the MACL is activated, CPU usage grows to up to 60%.
I've also tried adding deny rules to the inbound ACLs
(access-list in102 deny any 192.168.102.254 0.0.0.0)
But for some reason I could still access the switch on those IPs that are trunked to the 2848.
I don't know what's going on there.
Is there any way to deactivate the web server/console on these IP addresses?
The firmware version on the 7024 is 5.0.1.3.
Thank you
Florian
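Added example (not from Florian's post, and not a config he shows): a PowerConnect 7000-series management ACL that limits SSH and HTTPS to a single admin host, with the VLAN chosen to match where that host's packets actually enter the 7024. The admin address 192.168.2.10 and VLAN 2 are assumptions. The one point worth taking from the trace in the post is that the MACL compares the rule's VLAN with the packet's ingress VLAN ("Rule interface vlan2, ingress interface vlan102"), so the VLAN in the permit line has to be the one the management traffic arrives on after the PC2848 trunk, not the VLAN whose gateway address is being targeted; the trace also shows that a packet matching no permit line is dropped.

```text
! Added example; hypothetical admin host 192.168.2.10 arriving on VLAN 2.
! Change "vlan 2" to the VLAN the admin traffic is tagged with on the
! SFP uplink from the PC2848, otherwise every login attempt lands in
! the "does not pass MACL => drop" counter seen in the post.
console(config)# management access-list admin-only
console(config-macl)# permit ip-source 192.168.2.10 mask 255.255.255.255 vlan 2 service ssh
console(config-macl)# permit ip-source 192.168.2.10 mask 255.255.255.255 vlan 2 service https
console(config-macl)# exit
console(config)# management access-class admin-only
console(config)# exit
! Confirm which list is active and what it contains.
console# show management access-class
console# show management access-list
```

Apply the access-class from a session that itself matches a permit line (or from the serial console), since the list takes effect immediately and an SSH session that no longer matches is cut off. The command names and the `permit ip-source ... vlan ... service ...` form are the documented PowerConnect 7000-series MACL syntax; whether the 5.0.1.3 firmware's CPU load under a long MACL is tolerable is something to measure on the actual switch, not something this example settles.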