Hello!
In documentation for ERS-4000/5000 (NN48500-594) I found possibility to limit management (telnet, ssh, snmp, web) access to switch by one ACL:
ERS-Stackable(config)# ipmgr ?
snmp Enable IP Manager control over SNMP traffic.
source-ip Set source IP address from which connections are allowed
ssh Enable IP Manager control over SSH sessions.
telnet Enable IP Manager control over TELNET sessions.
web Enable IP Manager control over WEB connections.
I want to provide managment access to switches only for management subnet and restrict for others (for example in LAN users would have default gateway on ERS switch but I don’t want that they could telnet/ssh to this switch). For this purpose I could apply ACL for every L3 interface on switch but it is not very scalable. As far as I understand I could use one “special” ACL – ipmgr, am I right? Do somebody use it?
I try to find something like this for ERS8800/VSP9000 but could not. What is the simplest way to limit access to ERS8800/VSP9000?