01-29-2010 07:28 AM - edited 03-04-2019 07:21 AM
Hi Guys
I've set up ssh on my 3925 router and I would like to allow ssh access from only one physical interface. Is it possible to specify this kind of thing ?
Thanks a lot.
Best Regards,
Nicolas
Solved! Go to Solution.
01-29-2010 08:14 AM
Nicolas-
You bet!
3825-1(config)#ip ssh source-interface ?
Async Async interface
Auto-Template Auto-Template interface
BVI Bridge-Group Virtual Interface
CDMA-Ix CDMA Ix interface
CTunnel CTunnel interface
Dialer Dialer interface
FastEthernet FastEthernet IEEE 802.3
GMPLS MPLS interface
GigabitEthernet GigabitEthernet IEEE 802.3z
LISP Locator/ID Separation Protocol Virtual Interface
Lex Lex interface
LongReachEthernet Long-Reach Ethernet interface
Loopback Loopback interface
MFR Multilink Frame Relay bundle interface
Multilink Multilink-group interface
Null Null interface
Port-channel Ethernet Channel of interfaces
Serial Serial
Tunnel Tunnel interface
Vif PGM Multicast Host interface
Virtual-Dot11Radio Virtual dot11 interface
Virtual-PPP Virtual PPP interface
Virtual-Template Virtual Template interface
Virtual-TokenRing Virtual TokenRing
vmi Virtual Multipoint Interface
Hope that helps.
01-29-2010 08:14 AM
Nicolas-
You bet!
3825-1(config)#ip ssh source-interface ?
Async Async interface
Auto-Template Auto-Template interface
BVI Bridge-Group Virtual Interface
CDMA-Ix CDMA Ix interface
CTunnel CTunnel interface
Dialer Dialer interface
FastEthernet FastEthernet IEEE 802.3
GMPLS MPLS interface
GigabitEthernet GigabitEthernet IEEE 802.3z
LISP Locator/ID Separation Protocol Virtual Interface
Lex Lex interface
LongReachEthernet Long-Reach Ethernet interface
Loopback Loopback interface
MFR Multilink Frame Relay bundle interface
Multilink Multilink-group interface
Null Null interface
Port-channel Ethernet Channel of interfaces
Serial Serial
Tunnel Tunnel interface
Vif PGM Multicast Host interface
Virtual-Dot11Radio Virtual dot11 interface
Virtual-PPP Virtual PPP interface
Virtual-Template Virtual Template interface
Virtual-TokenRing Virtual TokenRing
vmi Virtual Multipoint Interface
Hope that helps.
01-29-2010 08:45 AM
Hi Collin,
Thanks for your quick answer, it helps a lot;
Best Regards,
Nicolas
02-01-2010 05:28 AM
Hi Collin,
I replied a bit too fast last time. In fact, the answer you gave me it is not what I expect. Maybe I gave a wrong explanation of what I want to get.
So I would like to set up a ssh configuration in order to get a ssh connexion to the router only from one physical interface.
For example, I want to establish a ssh connexion to my router only from the interce fastethernet 0/0/1 and If I try from another interface it would reject the connexion.
Best Regards;
Nicolas
02-01-2010 06:36 AM
I remember seeing a command in the release notes of 12.4T code somewhere, but I have not been able to find it since (I've been looking for it too). Until we find that command, an ACL on the interface is the only way to restrict it.
Hope that helps.
02-01-2010 07:55 AM
Hi Collin,
Thank you for your reply. You're right I could use ACL to deny ssh access on
interfaces but I would prefer the command as you mentioned if you find back.
Thanks a lot
Best Regards,
Nicolas
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: