Hi,
In an effort to increase security, I disable MAC WinBox server, neighbor discovery and only allow WinBox connections from our office IP address. This works well for devices that have a serial interface, but other devices may end up impossible to access if you screw up well enough.
I’m looking to achieve something that’s as close to out-of-band management as possible. Ideally, I imagine being able to connect via WinBox on layer 2, but only if I am directly connected. Preferably without a dedicated management port. It needs to work on bridge ports and non-bridge ports.
I am primarily unsure whether the direct connection restriction is possible. Failing the above requirements, any other ideas? Lack of a serial interface is the primary constraint.