07-03-2012 09:12 AM - last edited on 03-25-2019 05:29 PM by ciscomoderator
Hello all.
I may be blind but I've not seen this topic in the documentation; I refer to "Catalyst 4500 Series Switch Software Configuration Guide, Release IOS XE 3.3.0SG and IOS 15.1(1)SG"
The Sup7 has a dedicated FastEthernet port which is automatically put into a vrf named "mgmtvrf".
What I want to do is to permit inbound ssh only on this interface (vrf) and not on any other IP owned by the switch...
How can I do that ? By default any feature enabled on the switch is bound to all IP addresses defined in the switch belonging to all vrf...
Technically I want the ssh process to listen only in the admin vrf.
07-23-2012 11:43 AM
Finally; I couldn't find the way to implement Management Plane Protection in the parser; the following commands doesn't do the job :
control-plane host
management-interface Fa0/1 allow ssh telnet
the "control plane host" doesn't work and there is no "management-interface" subcommand into the "control plane" section.
Has anybody succeeded to implement MPP for the admin port of a SUP7-E in a 4500 ?
I'm running the last version : IOS 15.1 / IOS XE 3.3.0 SG
It seems that it's not documented in the configuration guide.
And the feature navigator seems to be clear : only supported in IOS XR and standard IOS for routers but not switches ??? Even with IOS XE / 15.1 train ?
07-23-2012 07:34 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide