Assuming you are talking about Nexus 7000. In order to control SSH to vty like IOS, you have to configure CoPP in the default VDC. There is an enhanced bug filed to correct this problem in the later release - CSCsq20638.
Here is the example to allow ssh to the Nexus from 10.10.10.0/24 network
ip access-list copp-system-acl-allow
10 remark ### ALLOW SSH
20 permit tcp 10.10.10.0/24 any eq 22
30 remark ### ALLOW SNMP
40 permit udp 10.10.20.0/24 any eq snmp
... ... (to include snmp, NTP, TACACS+, etc)
ip access-list copp-system-acl-deny
10 remark ### this is a catch-all to match any other traffic
20 permit ip any any
class-map type control-plane match-any copp-system-class-management-allow
match access-group name copp-system-acl-allow
class-map type control-plane match-any copp-system-class-management-deny
match access-group name copp-system-acl-deny
policy-map type control-plane copp-system-policy
police cir 60000 kbps bc 250 ms conform transmit violate drop
police cir 60000 kbps bc 250 ms conform drop violate drop
I've got the same issue. I have used the configuration you supplied and I still don't have any luck with this. I don't actually seeing the traffic hit my access-list. Am I doing something wrong here? I can paste the configuration, but it's going to look suspiciously like what you put out there.
OK, I will go in and grab the config here in a second. Although, while I am doing that can you tell me if the control-plane policing will affect traffic sent to the management interface? The reason I ask is that the only way I can get to this switch via the management interface.
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...