Just to make the list whole: It appears that you have to configure iptables in Linux on NXOS in order to restrict access to NXAPI. It seems crazy to me to spread out the security of the device to several different interfaces, but I didn't design it.

Thanks,
-Drew

-----Original Message-----
From: cisco-nsp <[email protected]> On Behalf Of Drew Weaver
Sent: Friday, March 12, 2021 11:47 AM
To: [email protected]
Subject: [c-nsp] NXOS/NXAPI + CoPP

Hi,

Does anyone have a document that explains the differences in CoPP in different devices that run NXOS? It recently has come to my attention that the same image running on different hardware has wildly different capabilities and it doesn't seem to be documented what the capabilities are between the different hardware platforms.

I had one more specific question: Does traffic destined for NXAPI hit the control plane? It seems like the answer would be "of course it does" however I am having a whole lot of trouble using CoPP to limit access to NXAPI based on source IP address.

If anyone has successfully limited access to NXAPI based upon source ip address I would greatly appreciate any insights you can provide on how you did this.

Thanks,
-Drew

_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
