Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ssh access from only one physical interface

Hi Guys

I've set up ssh on my 3925 router and I would like to allow ssh access from only one physical interface. Is it possible to specify this kind of thing ?

Thanks a lot.

Best Regards,

Nicolas

1 ACCEPTED SOLUTION

Accepted Solutions

Re: ssh access from only one physical interface

Nicolas-

You bet!

3825-1(config)#ip ssh source-interface ?
  Async               Async interface
  Auto-Template       Auto-Template interface
  BVI                 Bridge-Group Virtual Interface
  CDMA-Ix             CDMA Ix interface
  CTunnel             CTunnel interface
  Dialer              Dialer interface
  FastEthernet        FastEthernet IEEE 802.3
  GMPLS               MPLS interface
  GigabitEthernet     GigabitEthernet IEEE 802.3z
  LISP                Locator/ID Separation Protocol Virtual Interface
  Lex                 Lex interface
  LongReachEthernet   Long-Reach Ethernet interface
  Loopback            Loopback interface
  MFR                 Multilink Frame Relay bundle interface
  Multilink           Multilink-group interface
  Null                Null interface
  Port-channel        Ethernet Channel of interfaces
  Serial              Serial
  Tunnel              Tunnel interface
  Vif                 PGM Multicast Host interface
  Virtual-Dot11Radio  Virtual dot11 interface
  Virtual-PPP         Virtual PPP interface
  Virtual-Template    Virtual Template interface
  Virtual-TokenRing   Virtual TokenRing
  vmi                 Virtual Multipoint Interface

Hope that helps.

5 REPLIES

Re: ssh access from only one physical interface

Nicolas-

You bet!

3825-1(config)#ip ssh source-interface ?
  Async               Async interface
  Auto-Template       Auto-Template interface
  BVI                 Bridge-Group Virtual Interface
  CDMA-Ix             CDMA Ix interface
  CTunnel             CTunnel interface
  Dialer              Dialer interface
  FastEthernet        FastEthernet IEEE 802.3
  GMPLS               MPLS interface
  GigabitEthernet     GigabitEthernet IEEE 802.3z
  LISP                Locator/ID Separation Protocol Virtual Interface
  Lex                 Lex interface
  LongReachEthernet   Long-Reach Ethernet interface
  Loopback            Loopback interface
  MFR                 Multilink Frame Relay bundle interface
  Multilink           Multilink-group interface
  Null                Null interface
  Port-channel        Ethernet Channel of interfaces
  Serial              Serial
  Tunnel              Tunnel interface
  Vif                 PGM Multicast Host interface
  Virtual-Dot11Radio  Virtual dot11 interface
  Virtual-PPP         Virtual PPP interface
  Virtual-Template    Virtual Template interface
  Virtual-TokenRing   Virtual TokenRing
  vmi                 Virtual Multipoint Interface

Hope that helps.

New Member

Re: ssh access from only one physical interface

Hi Collin,

Thanks for your quick answer, it helps a lot;

Best Regards,

Nicolas

New Member

Re: ssh access from only one physical interface

Hi Collin,

I replied a bit too fast last time. In fact, the answer you gave me it is not what I expect. Maybe I gave a wrong explanation of what I want to get.

So I would like to set up a ssh configuration in order to get a ssh connexion to the router only from one physical interface.

For example, I want to establish a ssh connexion to my router only from the interce fastethernet 0/0/1 and If I try from another interface it would reject the connexion.

Best Regards;

Nicolas

Re: ssh access from only one physical interface

I remember seeing a command in the release notes of 12.4T code somewhere, but I have not been able to find it since (I've been looking for it too). Until we find that command, an ACL on the interface is the only way to restrict it.

Hope that helps.

New Member

Re: ssh access from only one physical interface

Hi Collin,

Thank you for your reply. You're right I could use ACL to deny ssh access on

interfaces but I would prefer the command as you mentioned if you find back.

Thanks a lot

Best Regards,

Nicolas

797
Views
0
Helpful
5
Replies