
How to Restrict Access to a RoCE switch using an Access List (Doc ID 2998679.1)

Last updated on JANUARY 22, 2024

Applies to:

Cisco Nexus Switch - Version All Versions to All Versions [Release All Releases]
Exadata Database Machine X9M-2 Hardware - Version All Versions to All Versions [Release All Releases]
Exadata Database Machine X8-2/X8M-2 Hardware - Version All Versions to All Versions [Release All Releases]
Zero Data Loss Recovery Appliance X8/X8M Hardware - Version All Versions to All Versions [Release All Releases]
Zero Data Loss Recovery Appliance X9M Hardware - Version All Versions to All Versions [Release All Releases]
Information in this document applies to any platform.

Goal

Provide steps to restrict SSH access to RoCE switches so that it is allowed only from certain source IPs.

NOTE: There is a risk of getting locked out.
To help avoid getting locked out, be sure to do the following before configuring the ACL:
- Create a few SSH sessions into the switch before configuring the ACL. These can be used if necessary to remove a defective ACL.
- Be sure to configure the new ACL from the node that owns the source IP that will be allowed to access the switch.
If the switch is not accessible, then console access will be required.

 

Solution


