Filter
Top Products
Egress Interface Selection (EIS)
EIS allows you to isolate the management and front-end port domains by preventing switch-initiated
traffic routing between the two domains. This feature provides additional security by preventing flooding
attacks on front-end ports.
The following protocols support EIS: DNS, FTP, HTTP, IGMP, NTP, RADIUS, SNMP, SSH, Syslog, TACACS,
Telnet, and TFTP.
When you enable this feature, all management routes (connected, static, and default) are copied to the
management EIS routing table. Use the management route command to add new management routes
to the default and EIS routing tables. Use the
show ip management-eis-route command to view the
EIS routes.
Important Points to Remember
• Deleting a management route removes the route from both the EIS routing table and the default
routing table.
• If the management port is down or route lookup fails in the management EIS routing table, the
outgoing interface is selected based on route lookup from the default routing table.
• If a route in the EIS table conflicts with a front-end port route, the front-end port route has
precedence.
• Due to protocol, ARP packets received through the management port create two ARP entries (one for
the lookup in the EIS table and one for the default routing table).
Configuring EIS
EIS is compatible with the following protocols: DNS, FTP, NTP, RADIUS, sFlow, SNMP, SSH, Syslog,
TACACS, Telnet, and TFTP.
To enable and configure EIS, use the following commands:
1. Enter EIS mode.
CONFIGURATION mode
management egress-interface-selection
2. Configure which applications uses EIS.
EIS mode
application {all | application-type}
NOTE: If you configure SNMP as the management application for EIS and you add a default
management route, when you perform an SNMP walk and check the debugging logs for the
source and destination IPs, the SNMP agent uses the destination address of incoming SNMP
packets as the source address for outgoing SNMP responses for security.
Interfaces
405