crankyzz
Nov 20, 2020 Aspirant
Restrict Management access not working
Hi all, hoping someone can help. I have an M4300-8X8F switch which I have configured the management interface to use the OOB service port. My parent company has passed along a security requirement w...
DaneA
Dec 03, 2020 NETGEAR Employee Retired
Welcome to the community! :)
Kindly check if you have properly applied the ACLs to the corresponding port/s. For technical assistance, it would be best that you kindly open a support ticket with NETGEAR Support here at any time.
Regards,
DaneA
NETGEAR Community Team
crankyzz
Dec 04, 2020 Aspirant
Best I could work out is the ACLs don't apply to networking on the OOB service port but it's not mentioned in the documentation. I had to change to use a switchport instead.
- schumaku Dec 04, 2020 Guru - Experienced User
The OOB (out of band!) should never be connected to the production network. The (expensive) solution is maintaining a dedicated network allowing the management plane to remain accessible during network outages or maintenance - we introduced such designs during the 1980s for finance and government networks already. The less expensive version is a dedicated management VLAN where OOB, serial console servers et al. are connected to - undoubtedly much less secure.
Not aware Netgear does offer the ability to put up ACLs on the OOB interfaces as e.g. NX-OS (add much more $$$) allows. LaurentMa ?
- LaurentMa Dec 04, 2020 NETGEAR Expert
Hi, there is no ACL on the OOB out-of-band management port. Per design, OOBM (out-of-band management) is meant for a separate management network, traditionally secure because not in the network, not connected to the internet, etc. In that case, in-band management can be shut down using Management ACLs when there is a separate OOBM network.
We do provide ACLs on the in-band of course - as you know the Source Management for the switch can be either OOB, or Management VLAN on the in-band, or a specific hardware interface (port) on the in-band too. For the last two, ACLs can be put in place.
I hope it helps,
Regards
- schumaku Dec 04, 2020 Guru - Experienced User
LaurentMa True dedicated OOB band networks are a luxury good CIO can't get adjusted with the CFO and CEO of security sensitive businesses anymore. Rephrasing my question a little bit:
Does Netgear consider to offer the ability to put up ACLs on the OOB interfaces as e.g. NX-OS (add much more $$$) allows?