ACL Protection for Admin Access


#1

Hi all,

We have started to deploy Balance 2500 on our network. However, we found the problems below during implementation:

  1. There should be an ACL for protecting the admin access, by controlling which IP address/network/range can access the Admin page (Web, CLI) of the system.

  2. For Balance 2500, there should also be a dedicated network setting for the management port, rather than sharing the existing LAN configuration and using VLAN tagging for traffic separation.

Please kindly consider.

Br,
Michael
IT Officer
Infrastructure and User Services Section
Information and Communication Technology Office
University of Macau


Limit access to management
#2

We do have options to limit the local Web Admin access. You may limit it to a VLAN. Please refer to the post below.

If you need to limit it to the Management port only, below is the setting.

2018-02-12


#3

We know that option, and we have actually tried it before, but it was not our desired result.

  1. There is no dedicated configuration for the management port, so it is not actually OOB management.
  2. The LAN network settings are shared, which in our case means untagged traffic has to be user traffic and management traffic can only be VLAN tagged. We tried configuring the port on the management switch that connects to the management port of the Peplink as a Trunk port allowing only the management traffic VLAN tag, and configuring the LAN port on the Peplink as an Access port, but it seems it somehow creates an STP loop.

Ideally, there should be separate network settings for the management port and the LAN port, and access control on the management port, for a commercial product.