I have a question regarding the various points where you can apply control plane ACLs on an Arista switch. For example, I can see some of our devices apply an ACL at control-plane, such as the following example.
While other devices apply it at the management ssh configuration stanza.
I am pretty certain that control-plane is more general than the management ssh or management api http-commands levels. By saying “more general”, I mean that an ACL applied at the control-plane level can include SSH- and HTTP-relevant ACL statements, while it would not make sense to filter HTTPS-based ACL entries from the management ssh level, or vice versa, SSH entries from management api http-commands. I searched, but did not find a good explanation of the difference between these options. Is there a “preferred” level where you would want to filter control plane traffic, or is it completely up to the switch admin to decide where to apply various ACLs (control-plane, management ssh, or management api http-commands)?