hey, virtual is the keyword and your goal could be accomplished using vrf's. the g3 doesn't support vrf's unfortunately. other vendors have a control plane protection feature which restricts access to a router/switch's management plane but i don't see anything of this sort from enterasys.
i think you're stuck with using acls. mike -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of [email protected] Sent: Wednesday, August 24, 2011 12:20 PM To: Enterasys Customer Mailing List Subject: RE: [enterasys] Mgmt Traffic G3 Ok, but: defining the MgmtVLAN in the router is not very secure. We would like to access the MgmtVLAN (route it) through our firewall only. If you make it a router interface you can't prevent anyone from e.g. directly connected networks to access the Mgmt address without configuring complicated ACLs or using source routing or whatever. It would just be nice to have some kind of "virtual" out-of-band management without any hassle... > Hi, > > As far as i know you can't use layer 2 ip address (host IP) when > routing features is in use, so the management address should be an > interface vlan instead of the "set ip address". --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys Michael.D'[email protected] --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
