Wired Intelligent Edge

  • 1.  2915 ACL

    Posted Aug 09, 2012 03:26 PM

    I am preparing to implement a new network service in which the WAN and Internet traffic will be coming in on a single drop.  This connection is connected to a Procurve 2915-8-PoE switch. 

    This switch is configured so that the Internet traffic goes to the firewall on one port and the WAN traffic on another. However, it appears that I can only apply the ACL to an interface port and not a VLAN. Because of this, the switch is still vulnerable to the outside. I disabled telnet and the web interface, but SSH access isn't enough protection. I thought about the management VLAN, but I will need to be able to access the switch from other locations.

    Is there any way I can block external users from being able to log into the switch while still allowing internal access?


    #ACLs


  • 2.  RE: 2915 ACL

    Posted Aug 13, 2012 12:49 AM
    Hi Eric,

    Exact configuration information about your switch would help, but as a general rule, VLAN ACLs are only available on switches which provide routing. The access security guide for the 2915 is pretty clear that ACLs are only allowed on inbound ports or trunks. http://cdn.procurve.com/training/Manuals/2615-2915G-ASG-May10-A_14_03.pdf

    The authorized managers feature is probably what you want: http://bizsupport1.austin.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&taskId=120&prodSeriesId=4219915&prodTypeId=12883&objectID=c02939620

    More information can be found in the same manual linked above.
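A small audit for the approach suggested in this answer, added here as an example and not code from the thread or from HP: it parses `ip authorized-managers` lines (plus the `no telnet-server` / `no web-management` settings the original poster mentioned) out of a constructed ProCurve running-config excerpt and flags any allow-list entry that falls outside the internal ranges, so an external address never ends up with management access. The sample config, the hostname and the internal ranges are assumptions.

```python
import ipaddress
import re

# Constructed ProCurve running-config excerpt (not from the thread).
# Lines follow the documented syntax of
# "ip authorized-managers <ip> <mask> [access manager|operator]".
SAMPLE_CONFIG = """\
hostname "edge-2915"
no telnet-server
no web-management
ip authorized-managers 192.168.10.0 255.255.255.0 access manager
ip authorized-managers 10.20.0.5 255.255.255.255 access operator
ip authorized-managers 203.0.113.0 255.255.255.0 access manager
"""

AUTH_MGR = re.compile(
    r"^\s*ip authorized-managers\s+(\S+)\s+(\S+)(?:\s+access\s+(\S+))?", re.I)


def parse_authorized_managers(config):
    """Return (network, access_level) tuples for every allow-list entry."""
    entries = []
    for line in config.splitlines():
        m = AUTH_MGR.match(line)
        if not m:
            continue
        ip, mask, level = m.group(1), m.group(2), (m.group(3) or "manager").lower()
        # ipaddress accepts a dotted netmask after the slash
        net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        entries.append((net, level))
    return entries


def audit_management_access(config, internal_nets):
    """Return findings a reviewer would raise: no allow-list at all, an
    entry not contained in an internal range, or telnet/web still enabled."""
    findings = []
    entries = parse_authorized_managers(config)
    if not entries:
        findings.append("no ip authorized-managers entries: any source may attempt login")
    internal = [ipaddress.ip_network(n) for n in internal_nets]
    for net, level in entries:
        if not any(net.subnet_of(i) for i in internal):
            findings.append(f"{net} ({level}) is outside internal ranges")
    if not re.search(r"^\s*no telnet-server\s*$", config, re.M):
        findings.append("telnet-server still enabled")
    if not re.search(r"^\s*no web-management\s*$", config, re.M):
        findings.append("web-management still enabled")
    return findings
```

Run it against `show running-config` output before and after adding the authorized-managers entries; an empty findings list means the allow-list covers only internal ranges and the plaintext services are off.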