Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.


4500-Sup7; SSH and admin VRF only

Hello all.

I may be blind but I've not seen this topic in the documentation; I refer to "Catalyst 4500 Series Switch Software Configuration Guide, Release IOS XE 3.3.0SG and IOS 15.1(1)SG"

The Sup7 has a dedicated FastEthernet port which is automatically put into a vrf named "mgmtvrf".

What I want to do is to permit inbound ssh only on this interface (vrf) and not on any other IP owned by the switch...

How can I do that ? By default any feature enabled on the switch is bound to all IP addresses defined in the switch belonging to all vrf...

Technically I want the ssh process to listen only in the admin vrf.


Re: 4500-Sup7; SSH and admin VRF only

Finally; I couldn't find the way to implement Management Plane Protection in the parser; the following commands doesn't do the job :

control-plane host

management-interface Fa0/1 allow ssh telnet

the "control plane host" doesn't work and there is no "management-interface" subcommand into the "control plane" section.

Has anybody succeeded to implement MPP for the admin port of a SUP7-E in a 4500 ?

I'm running the last version : IOS 15.1 / IOS XE 3.3.0 SG

It seems that it's not documented in the configuration guide.

And the feature navigator seems to be clear : only supported in IOS XR and standard IOS for routers but not switches ??? Even with IOS XE / 15.1 train ?

Cisco Employee

4500-Sup7; SSH and admin VRF only