cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2954
Views
0
Helpful
5
Replies

ssh access from only one physical interface

nviturat20
Level 1
Level 1

Hi Guys

I've set up ssh on my 3925 router and I would like to allow ssh access from only one physical interface. Is it possible to specify this kind of thing ?

Thanks a lot.

Best Regards,

Nicolas

1 Accepted Solution

Accepted Solutions

Collin Clark
VIP Alumni
VIP Alumni

Nicolas-

You bet!

3825-1(config)#ip ssh source-interface ?
  Async               Async interface
  Auto-Template       Auto-Template interface
  BVI                 Bridge-Group Virtual Interface
  CDMA-Ix             CDMA Ix interface
  CTunnel             CTunnel interface
  Dialer              Dialer interface
  FastEthernet        FastEthernet IEEE 802.3
  GMPLS               MPLS interface
  GigabitEthernet     GigabitEthernet IEEE 802.3z
  LISP                Locator/ID Separation Protocol Virtual Interface
  Lex                 Lex interface
  LongReachEthernet   Long-Reach Ethernet interface
  Loopback            Loopback interface
  MFR                 Multilink Frame Relay bundle interface
  Multilink           Multilink-group interface
  Null                Null interface
  Port-channel        Ethernet Channel of interfaces
  Serial              Serial
  Tunnel              Tunnel interface
  Vif                 PGM Multicast Host interface
  Virtual-Dot11Radio  Virtual dot11 interface
  Virtual-PPP         Virtual PPP interface
  Virtual-Template    Virtual Template interface
  Virtual-TokenRing   Virtual TokenRing
  vmi                 Virtual Multipoint Interface

Hope that helps.

View solution in original post

5 Replies 5

Collin Clark
VIP Alumni
VIP Alumni

Nicolas-

You bet!

3825-1(config)#ip ssh source-interface ?
  Async               Async interface
  Auto-Template       Auto-Template interface
  BVI                 Bridge-Group Virtual Interface
  CDMA-Ix             CDMA Ix interface
  CTunnel             CTunnel interface
  Dialer              Dialer interface
  FastEthernet        FastEthernet IEEE 802.3
  GMPLS               MPLS interface
  GigabitEthernet     GigabitEthernet IEEE 802.3z
  LISP                Locator/ID Separation Protocol Virtual Interface
  Lex                 Lex interface
  LongReachEthernet   Long-Reach Ethernet interface
  Loopback            Loopback interface
  MFR                 Multilink Frame Relay bundle interface
  Multilink           Multilink-group interface
  Null                Null interface
  Port-channel        Ethernet Channel of interfaces
  Serial              Serial
  Tunnel              Tunnel interface
  Vif                 PGM Multicast Host interface
  Virtual-Dot11Radio  Virtual dot11 interface
  Virtual-PPP         Virtual PPP interface
  Virtual-Template    Virtual Template interface
  Virtual-TokenRing   Virtual TokenRing
  vmi                 Virtual Multipoint Interface

Hope that helps.

nviturat20
Level 1
Level 1

Hi Collin,

Thanks for your quick answer, it helps a lot;

Best Regards,

Nicolas

Hi Collin,

I replied a bit too fast last time. In fact, the answer you gave me it is not what I expect. Maybe I gave a wrong explanation of what I want to get.

So I would like to set up a ssh configuration in order to get a ssh connexion to the router only from one physical interface.

For example, I want to establish a ssh connexion to my router only from the interce fastethernet 0/0/1 and If I try from another interface it would reject the connexion.

Best Regards;

Nicolas

I remember seeing a command in the release notes of 12.4T code somewhere, but I have not been able to find it since (I've been looking for it too). Until we find that command, an ACL on the interface is the only way to restrict it.

Hope that helps.

nviturat20
Level 1
Level 1

Hi Collin,

Thank you for your reply. You're right I could use ACL to deny ssh access on

interfaces but I would prefer the command as you mentioned if you find back.

Thanks a lot

Best Regards,

Nicolas

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: