02-12-2010 12:26 AM - edited 03-04-2019 07:29 AM
Hi, I have one Nexus 7000 with 3 VDCs. I have enabled the default SSH feature on it. The problem is that I am able to SSH to that
device only from a few switches. I want to know if someone has implemented an ACL on SSH. Please help, how can I see it?
02-12-2010 11:19 AM
For your SSH problem, without seeing the config, I can only suggest you check your management VRF routes.
To control SSH ACL on the Nexus, you will have to modify the CoPP in the default VDC.
Regards,
jerry
04-12-2018 01:30 AM
An access class should be applied to the VTY port to increase security by restricting SSH and Telnet access to specific source and destination IP addresses. An access class configured on the VTY port is applicable when using an in-band or out-of-band management strategy. An access-class is configured per traffic direction, in applies to inbound sessions and out applies to outbound sessions.
Statistics can be enabled with the access list statistics per-entry. The following example illustrates a basic policy that permits SSH traffic from a specific subnet to all IP addresses configured in the current VDC. All traffic is permitted if an access-class is applied to the VTY port and the associated access-list is deleted from the configuration.
n7000(config)# ip access-list vty-acl-in
n7000(config-acl)# permit tcp x.x.x.x/24 any eq 22
n7000(config)# line vty
n7000(config-line)# ip access-class vty-acl-in in
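To verify what the post above describes (and to answer the original question of how to "see" whether SSH is restricted), here is an added audit script that is not from the thread or from Cisco. It parses a running-config excerpt for the `ip access-list` and `line vty` / `ip access-class` lines and decides whether an inbound SSH session from a given source address would be admitted, including the caveat that an access-class pointing at a deleted ACL admits everything. The sample config, the ACL name and the 10.1.20.0/24 subnet are constructed assumptions, not values from the thread.

```python
"""Audit the VTY access-class on a Nexus 7000 running-config excerpt.

Added example, not part of the original thread. Parses NX-OS
`ip access-list` / `line vty` / `ip access-class` lines and answers:
would an inbound SSH session from a given source address be admitted?
"""
import ipaddress

# Constructed sample running-config (assumed names and subnets).
SAMPLE_CONFIG = """\
ip access-list vty-acl-in
  statistics per-entry
  10 permit tcp 10.1.20.0/24 any eq 22
  20 permit tcp host 10.9.9.9 any eq 22
  30 deny tcp any any eq 22
line vty
  ip access-class vty-acl-in in
"""

# Constructed: access-class applied, but the referenced ACL was deleted.
MISSING_ACL_CONFIG = """\
line vty
  ip access-class gone-acl in
"""

PORT_NAMES = {"ssh": 22, "telnet": 23}


def _parse_prefix(tokens, i):
    """Consume one address spec at tokens[i]; return (network or None for 'any', next index)."""
    if tokens[i] == "any":
        return None, i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1]), i + 2   # /32 or /128
    return ipaddress.ip_network(tokens[i], strict=False), i + 1


def _parse_ace(line):
    """Parse one ACE line into a dict, or return None for non-ACE lines (e.g. 'statistics per-entry')."""
    tokens = line.split()
    if tokens and tokens[0].isdigit():
        tokens = tokens[1:]                      # drop the sequence number
    if len(tokens) < 4 or tokens[0] not in ("permit", "deny"):
        return None
    action, proto = tokens[0], tokens[1]
    src, i = _parse_prefix(tokens, 2)
    dst, i = _parse_prefix(tokens, i)
    port = None
    if i + 1 < len(tokens) and tokens[i] == "eq":
        port = PORT_NAMES.get(tokens[i + 1]) or int(tokens[i + 1])
    return {"action": action, "proto": proto, "src": src, "dst": dst, "port": port}


def parse_config(text):
    """Return (acls, vty): ACL name -> list of ACEs, and direction -> ACL name under 'line vty'."""
    acls, vty, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():                 # top-level command starts a new section
            if line.startswith(("ip access-list ", "ipv6 access-list ")):
                section = ("acl", line.split()[2])
                acls.setdefault(section[1], [])
            elif line == "line vty":
                section = ("vty",)
            else:
                section = None
            continue
        if section is None:
            continue
        if section[0] == "vty":
            t = line.split()
            if len(t) == 4 and t[1] == "access-class" and t[3] in ("in", "out"):
                vty[t[3]] = t[2]
        else:
            ace = _parse_ace(line)
            if ace:
                acls[section[1]].append(ace)
    return acls, vty


def ssh_admitted(acls, vty, source_ip, dst_ip=None):
    """Decide whether inbound SSH from source_ip passes the VTY access-class. Returns (bool, reason)."""
    name = vty.get("in")
    if name is None:
        return True, "no inbound access-class on line vty: all sources admitted"
    if name not in acls:
        # The caveat from the post: a referenced-but-deleted ACL permits all traffic.
        return True, f"access-class {name} applied but the ACL does not exist: all sources admitted"
    src = ipaddress.ip_address(source_ip)
    dst = ipaddress.ip_address(dst_ip) if dst_ip else None
    for n, ace in enumerate(acls[name], 1):
        if ace["proto"] not in ("tcp", "ip"):
            continue
        if ace["src"] is not None and src not in ace["src"]:
            continue
        if dst is not None and ace["dst"] is not None and dst not in ace["dst"]:
            continue
        if ace["port"] not in (None, 22):
            continue
        return ace["action"] == "permit", f"matched ACE {n} in {name}: {ace['action']}"
    return False, f"no ACE in {name} matched: implicit deny"


if __name__ == "__main__":
    acls, vty = parse_config(SAMPLE_CONFIG)
    for ip in ("10.1.20.77", "10.9.9.9", "192.0.2.5"):
        print(ip, ssh_admitted(acls, vty, ip))
    print("missing ACL:", ssh_admitted(*parse_config(MISSING_ACL_CONFIG), "192.0.2.5"))
```

Feed it the output of `show running-config aclmgr` plus the `line vty` section, and run it with the addresses of the switches that can and cannot reach the device; the reason string tells you which ACE (or which missing ACL) explains the behaviour.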