SSH on Nexus 7000

Rupesh Kashyap (Level 1)

Hi, I have one Nexus 7000 with 3 VDCs. I have enabled the default SSH feature on it. The problem is that I am able to SSH to that device only from a few switches. I want to know if someone has implemented an ACL on SSH. Please help: how can I see it?

2 Replies

Jerry Ye (Cisco Employee)

For your SSH problem, without seeing the config, I can only suggest that you check your management VRF routes.

To control the SSH ACL on the Nexus, you will have to modify the CoPP in the default VDC.

Regards,

jerry

An access class should be applied to the VTY port to increase security by restricting SSH and Telnet access to specific source and destination IP addresses. An access class configured on the VTY port is applicable when using an in-band or out-of-band management strategy. An access-class is configured per traffic direction: 'in' applies to inbound sessions and 'out' applies to outbound sessions.

Statistics can be enabled with the access-list command 'statistics per-entry'. The following example illustrates a basic policy that permits SSH traffic from a specific subnet to all IP addresses configured in the current VDC. Note that all traffic is permitted if an access-class is applied to the VTY port and the associated access-list is deleted from the configuration.

 n7000(config)# ip access-list vty-acl-in
 n7000(config-acl)# permit tcp x.x.x.x/24 any eq 22
 n7000(config)# line vty
 n7000(config-line)# ip access-class vty-acl-in in
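As an added illustration (not part of the original thread), a small Python audit that parses an NX-OS running-config excerpt and checks the two conditions the reply above describes: that line vty carries an inbound access-class, and that the ACL it names still exists, since a dangling reference leaves the VTY open to any source. The sample configs and ACL names below are constructed for the example.

```python
import re

# Constructed sample: the policy from the reply above, with a deny at the end.
GOOD_CONFIG = """\
feature ssh
ip access-list vty-acl-in
  10 permit tcp 10.1.0.0/24 any eq 22
  20 deny ip any any
line vty
  ip access-class vty-acl-in in
"""

# Constructed sample: access-class still applied, but the ACL was deleted.
DANGLING_CONFIG = """\
feature ssh
line vty
  ip access-class vty-acl-in in
"""


def parse_sections(config):
    """Group an NX-OS config into {top-level line: [indented child lines]}."""
    sections, current = {}, None
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())
        elif not raw.startswith(" "):
            current = raw.strip()
            sections.setdefault(current, [])
    return sections


def audit_vty_access_class(config):
    """Report the inbound VTY access-class, whether its ACL exists, and any gaps."""
    sections = parse_sections(config)
    out = {"access_class": None, "acl_defined": False, "ssh_sources": [], "issues": []}
    for line in sections.get("line vty", []):
        m = re.match(r"(?:ip )?access-class (\S+) in$", line)
        if m:
            out["access_class"] = m.group(1)
    if out["access_class"] is None:
        out["issues"].append("no inbound access-class on line vty")
        return out
    entries = sections.get("ip access-list " + out["access_class"])
    if entries is None:
        out["issues"].append("access-class names a missing ACL: all traffic permitted")
        return out
    out["acl_defined"] = True
    for e in entries:
        if re.match(r"(?:\d+ )?permit \S+ any ", e):
            out["issues"].append("ACL entry permits any source: " + e)
        m = re.match(r"(?:\d+ )?permit tcp (\S+) any eq (?:22|ssh)$", e)
        if m:
            out["ssh_sources"].append(m.group(1))
    return out
```

Running audit_vty_access_class on a saved 'show running-config' gives a quick check after any ACL cleanup that the VTY restriction is still in force.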
