Cisco Support Community

Restrict SSH access to an interface

Topology:

Client <---> L2 <---> L3 <---> R1 <--- GRE ---> R2 <---> L3 <---> L2 <---> Client

The L3 is used as gateway on each VLAN, and is therefore doing inter-VLAN routing.

VLAN topology on left side:

VLAN 10 - Client - 10.10.1.x

VLAN 20 - Server - 10.20.1.x

VLAN 30 - Voice - 10.30.1.x

VLAN 40 - MGT - 10.40.1.x

VLAN topology on left side:

VLAN 10 - Client - 10.10.2.x

VLAN 20 - Server - 10.20.2.x

VLAN 30 - Voice - 10.30.2.x

VLAN 40 - MGT - 10.40.2.x

Problem:

The L3 can be accessed with SSH on all the IP addresses assigned to the switch.

How can I restrict that access, so it can only be done on the IP address in VLAN40?

Any client should be able to SSH to any switch.

Things Tried:

I have tried adding an access-list on the left L3

access-list 99 permit 10.40.1.0 0.0.0.255

and assigning it to the VTY line.

line vty 0 4

access-class 99 in

Resulting in a connection refused on all addresses.
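
How ACL 99 is evaluated on the VTY lines, as an added example that is not part of the original post: a standard ACL applied with access-class in is compared against the client's source address only and ends in an implicit deny, so the switch address the client connects to never enters the decision. The host addresses (.50 clients, .1 switch interfaces) and the function names are constructed for illustration.

```python
import ipaddress

# Standard ACL from the post: (action, network, wildcard mask)
ACL_99 = [("permit", "10.40.1.0", "0.0.0.255")]


def wildcard_match(addr, network, wildcard):
    """IOS wildcard match: bits set to 1 in the wildcard are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)


def vty_access_class_in(acl, src_ip, dst_ip):
    """Evaluate an inbound access-class that uses a standard ACL.

    dst_ip (the switch address the client dialled) is accepted only to
    show that it plays no part in the decision.
    """
    for action, network, wildcard in acl:
        if wildcard_match(src_ip, network, wildcard):
            return action
    return "deny"  # implicit deny at the end of every ACL


# Constructed sample connections: (client source, switch address dialled)
SAMPLES = [
    ("10.10.1.50", "10.40.1.1"),  # VLAN 10 client -> MGT address
    ("10.10.1.50", "10.10.1.1"),  # VLAN 10 client -> VLAN 10 address
    ("10.40.1.50", "10.40.1.1"),  # MGT host       -> MGT address
    ("10.40.1.50", "10.10.1.1"),  # MGT host       -> VLAN 10 address
    ("10.10.2.50", "10.40.1.1"),  # remote-site client -> MGT address
]


def evaluate(samples=SAMPLES, acl=ACL_99):
    return [(s, d, vty_access_class_in(acl, s, d)) for s, d in samples]


if __name__ == "__main__":
    for src, dst, verdict in evaluate():
        print(f"{src:>12} -> {dst:<12} {verdict}")
```

Clients in 10.10.x.x are denied even when they target the VLAN 40 address, while a 10.40.1.x host is permitted on every switch address, which is the opposite of the restriction asked for.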

1 REPLY

A gentle bump, in the hope that some guru will see it.
