network management security - Switches and SVIs

Jul 20th, 2010

Hello all.


I have created a management vlan on my 4506. There are also other SVIs for other VLANs. I understand configuring access-lists for the management vlan as well as for all vty lines limiting to an IT VLAN for example.  How can I remove telnet or SSH access from the other SVIs?


I have found documentation on best practices for the management vlan but can't find anything on disabling telnet and ssh from the other vlan interfaces.

I imagine an access list just blocking the ports?  What would you suggest?


Thanks in advance.

Panos Kampanakis Wed, 07/21/2010 - 10:45
User Badges:
  • Cisco Employee

I believe ACLs on the SVIs are your only choice to limit the subnets that can ssh or telnet to your vlan SVIs.


I hope it helps.


PK

Ganesh Hariharan Wed, 07/28/2010 - 23:38
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award, Member's Choice, February 2016


Hi,


If you have decided the source IP from where telnet or ssh is allowed, you can use the access-class configuration with an ACL applied on line vty, which will only permit the particular host to telnet or ssh into the device.


Following is the example for access-class; hope it helps!!


The following example defines an access list that permits only hosts on network 192.89.55.0 to connect to the virtual terminal ports on the router:


! Standard ACL matching the one subnet allowed to open a vty session
access-list 12 permit 192.89.55.0 0.0.0.255
! Apply it to the virtual terminal (vty) lines, not to absolute line numbers,
! which on most platforms address the console/aux/tty lines instead
line vty 0 4
 access-class 12 in


Hope to Help !!


Ganesh.H


Remember to rate the helpful post
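The two answers above (SVI ACLs from Panos, access-class on the vty lines from Ganesh) fit together, so here is one combined configuration as an added example. It is not from the thread or from Cisco documentation; the VLAN numbers, subnets and ACL names are assumptions chosen for illustration.

```ios
! Added example (not from the thread). Assumed addressing:
!   VLAN 10 = management, SVI 10.10.10.1/24
!   VLAN 20 = IT staff,   SVI 10.10.20.1/24 (the only subnet allowed to manage the switch)
!   VLAN 30 = users,      SVI 10.10.30.1/24 (must route, must never manage)
!
! 1) The authoritative control: access-class on the vty lines.
!    It is evaluated on the SOURCE address of the session, no matter which
!    SVI address the host aimed at, so it covers every SVI at once.
ip access-list standard VTY-MGMT
 permit 10.10.20.0 0.0.0.255
 deny   any log
!
line vty 0 15
 access-class VTY-MGMT in
 transport input ssh
 exec-timeout 10 0
!
! 2) Defence in depth on the user SVI: drop SSH/Telnet aimed at any of the
!    switch's own SVI addresses while all other traffic still routes normally.
!    A router ACL on an SVI also filters traffic addressed to the switch itself,
!    which is what makes this work.
ip access-list extended VLAN30-IN
 remark Management sessions to the switch itself: deny (tcp 22 and 23)
 deny   tcp any host 10.10.30.1 range 22 23
 deny   tcp any host 10.10.10.1 range 22 23
 deny   tcp any host 10.10.20.1 range 22 23
 remark Transit traffic is unaffected
 permit ip any any
!
interface Vlan30
 ip address 10.10.30.1 255.255.255.0
 ip access-group VLAN30-IN in
```

Two points worth noting. The SVI ACL only blocks the destinations it lists, so if a new SVI is added later and the list is not updated, hosts on VLAN 30 can reach that address; the vty access-class does not have that gap, which is why it is the control that actually answers the question and the SVI ACL is belt and braces. The `log` keyword on the final deny of VTY-MGMT records rejected connection attempts in syslog, which is useful evidence that the restriction is working. Check the result with `show ip access-lists VLAN30-IN` (the hit counters should climb on the deny lines when a user-VLAN host tries to connect) and `show running-config | section line vty` to confirm the access-class is applied to every vty line.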
