bh1633
909 Posts
0
February 9th, 2009 14:00
You need to enable the ssh and https servers on the switch.
ip ssh server
ip https server
You may need to generate a key for ssh:
crypto key generate rsa
or
crypto key generate dsa
You may also need to generate a crypto certificate for https:
crypto certificate 1 generate key-generate 1024
Telnet is enabled by default, so double check your ACLs.
tnn
30 Posts
0
February 10th, 2009 10:00
Excellent, I now have ssh and https up and running.
I have ACLs bound to my incoming port, the first two lines allow access from my home (static IP) and from our office (static IP). The next few lines deny access to the telnet port. Now, the question is, do IP-based ACLs restrict the ports for the admin ports of the switch itself? (as well as the rest of the network)? i.e. if you wrote poor ACLs you could feasibly lock yourself completely out of the switch and network, right?
If so, I am all good.
BTW, my password for everything is better than 12 chars long, containing special chars, CAPS, etc etc.....
Thanks for the help!
-Grant
bh1633
909 Posts
0
February 10th, 2009 11:00
Yes. You can write an ACL that blocks you from accessing the switch management.
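A way to check a planned ACL for lockout before binding it to the port, as an added example that is not part of the original thread and is not switch CLI syntax. It assumes rules are evaluated top-down with first match winning and an implicit deny at the end, that the two permit lines cover all ports, and it uses constructed documentation addresses.

```python
import ipaddress

# Constructed sample policy (documentation addresses, not from the thread).
# Each rule: (action, source network, destination TCP port or None for any).
ACL = [
    ("permit", "198.51.100.10/32", None),  # home static IP (constructed)
    ("permit", "203.0.113.20/32", None),   # office static IP (constructed)
    ("deny", "0.0.0.0/0", 23),             # telnet from everyone else
]
MGMT_PORTS = {"ssh": 22, "https": 443, "telnet": 23}


def evaluate(acl, src_ip, dst_port):
    """Return the action of the first matching rule, or deny if none match."""
    src = ipaddress.ip_address(src_ip)
    for action, network, port in acl:
        if src in ipaddress.ip_network(network) and port in (None, dst_port):
            return action
    return "deny"  # assumed implicit deny at the end of the list


def lockout_report(acl, admin_ips, outsider_ip):
    """List problems: admins locked out of ssh/https, or telnet still reachable."""
    problems = []
    for ip in admin_ips:
        for name in ("ssh", "https"):
            if evaluate(acl, ip, MGMT_PORTS[name]) != "permit":
                problems.append(f"admin {ip} cannot reach {name}")
    for ip in list(admin_ips) + [outsider_ip]:
        if evaluate(acl, ip, MGMT_PORTS["telnet"]) == "permit":
            problems.append(f"telnet reachable from {ip}")
    return problems


if __name__ == "__main__":
    admins = ["198.51.100.10", "203.0.113.20"]
    for line in lockout_report(ACL, admins, "192.0.2.99") or ["no problems found"]:
        print(line)
```

With the rule order modelled here, the two permit lines match before the telnet deny, so the report shows telnet still reachable from the home and office addresses.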