i bought rb250gs thinking it would be “ordinary L2 websmart switch”. But for some reason i am not able to set it up in way i need it to. What i need is this:
switch seems to be doing what it wants despite the configuration, management is accessible from every port (and it doesnt really matters how is it configured), also every cca 30seconds hangs (stops responding).
Set VLAN Mode = strict for all ports and VLAN Header = add if missing for Port1.
Set password to deny management access for users.
RB250GS will not do any routing. SwOS uses a simple algorithm to ensure TCP/IP communication - it just replies to the same IP and MAC address packet came from.
Please clarify what do you mean by vlan interface in this case?
Is it possible to limit management access using the acl?
It seems you could simply drop any packets with the dst ip/mac of the switch and the wrong port or vlan. This may require an entry for each vlan that is not allowed management access.
It is not clear where the acl sits in the packet flow, but it would also seem that management is port 6 of the switch chip, so this might not work as the very first acl entry is likely set at boot to forward packets with the management address to port 6.
.