Secure telnet access - 3Com switch

Is there a way to configure a 3Com switch to restrict telnet access to it? I manage the switch over the network, but I don't want users to access the switch command line interface.

I want to configure something like an access-list on vty on Cisco switches. Is it possible?

I have three different models of switches:

- 3Com 3300

- 3Com Desktop Switch

- 3Com Corebuilder 5000

Thanks!

Reply to
guille_frick

The following is based on my experience with the 3300, I can't say anything about the other models.

The switches' management interface is on VLAN 1 by default - I heard claims that this can be changed via SNMP, but I don't know if it is true. I find it good practice to only have switches and management stations in this VLAN, and put users on different VLANs. This way, users will not be able to access the switch management. As an additional measure, you should of course set passwords for all accounts on the switch. The VLAN separation ensures that users cannot read the passwords when you are sending them unencrypted over telnet.

As far as I know, there are no access lists based on client IP address. You can only configure which user is able to access which protocol (telnet, snmp, ...).

Mirko

Reply to
Mirko Parthey
