Restrict SSH access to an interface

Weeltin
Level 1

Topology:

Client <---> L2 <---> L3 <---> R1 <--- GRE ---> R2 <---> L3 <---> L2 <---> Client

The L3 is used as the gateway on each VLAN, and is therefore doing inter-VLAN routing.

VLAN topology on left side:

VLAN 10 - Client - 10.10.1.x

VLAN 20 - Server - 10.20.1.x

VLAN 30 - Voice - 10.30.1.x

VLAN 40 - MGT - 10.40.1.x

VLAN topology on left side:

VLAN 10 - Client - 10.10.2.x

VLAN 20 - Server - 10.20.2.x

VLAN 30 - Voice - 10.30.2.x

VLAN 40 - MGT - 10.40.2.x

Problem:

The L3 can be accessed with SSH on all the IP addresses assigned to the switch.

How can I restrict that access, so it can only be done on the IP address in VLAN 40?

Any client should be able to SSH to any switch.

Things tried:

I have tried adding an access list on the left L3

access-list 99 permit 10.40.1.0 0.0.0.255

and assigning it to the VTY line.

line vty 0 4

access-class 99 in

Resulting in a connection refused on all addresses.
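
How a standard ACL such as the posted access-list 99 is evaluated once it is bound to the VTY lines with access-class 99 in, as an added Python model that is not part of the original post: only the source address of the incoming session is compared against each entry, and an implicit deny follows the last entry. The client host addresses (.50) and the switch SVI addresses (.1) are constructed assumptions.

```python
import ipaddress

# ACL 99 exactly as posted: (action, address, wildcard mask).
ACL_99 = [("permit", "10.40.1.0", "0.0.0.255")]

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def entry_matches(source, address, wildcard):
    """Wildcard bits set to 1 are ignored; every other bit must be equal."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(source) & care) == (to_int(address) & care)

def vty_decision(acl, source, destination):
    """Return 'permit' or 'deny' for an inbound VTY session.

    `destination` (the switch address the client connected to) is taken
    only to make the point visible: a standard ACL has no destination
    field, so it cannot influence the result.
    """
    ipaddress.IPv4Address(destination)  # validated, never compared
    for action, address, wildcard in acl:
        if entry_matches(source, address, wildcard):
            return action
    return "deny"  # implicit deny at the end of every ACL

# Constructed sample hosts on the left side (the .50 and .1 values are assumptions).
CLIENTS = {
    "client-vlan10": "10.10.1.50",
    "server-vlan20": "10.20.1.50",
    "voice-vlan30": "10.30.1.50",
    "mgt-vlan40": "10.40.1.50",
}
SWITCH_SVIS = ["10.10.1.1", "10.20.1.1", "10.30.1.1", "10.40.1.1"]

def decision_table(acl=ACL_99):
    """Decision for every (client, switch address) pair."""
    return {(name, dst): vty_decision(acl, src, dst)
            for name, src in CLIENTS.items() for dst in SWITCH_SVIS}

if __name__ == "__main__":
    for (name, dst), verdict in decision_table().items():
        print(f"{name:14} -> {dst:10} {verdict}")
```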

1 Reply

Weeltin
Level 1

A gentle bump, in the hope that some guru will see it.
