How do you restrict SSH access to VDX on all VE's?

To restrict SSH access on a VDX, an access list would normally have to be applied to every VE interface. The same result can be achieved by applying a single receive ACL to the control plane of the device.
Step 1: Configure an access list that permits only the hosts which should have access to the device.

ip access-list extended SSH
seq 10 permit tcp host any eq 22 (This is an example where I am only permitting ssh connections coming from
seq 20 hard-drop tcp any any eq 22 count
seq 30 permit ip any any

Step 2: Apply the access list to the control plane of the device so that it affects all the VE interfaces.

LAB(config)# rb 11
LAB(config-rbridge-id-11)# ip receive access-group SSH in

NOTE: This receive access list only works for the default-vrf, not the Management VRF. To restrict SSH access on the Management interface, the same ACL must also be applied to the Management interface.

Step 3: Apply the same ACL to the Management interface.

LAB(config)# interface Management 11/0
LAB(config-Management-11/0)# ip access-group SSH in
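
An added example, not part of the original article or any vendor tooling: a Python check that reads a saved configuration and reports any RBridge without the receive ACL and any Management interface without the ACL, which is the gap the NOTE above describes. The running-config layout, the second RBridge and the 192.0.2.10 admin host are constructed assumptions.

```python
import re

# Constructed sample in the style of a running-config; the stanza layout and
# the 192.0.2.10 admin host are assumptions, not values from the article.
SAMPLE_CONFIG = """\
ip access-list extended SSH
 seq 10 permit tcp host 192.0.2.10 any eq 22
 seq 20 hard-drop tcp any any eq 22 count
 seq 30 permit ip any any
!
rbridge-id 11
 ip receive access-group SSH in
!
rbridge-id 12
!
interface Management 11/0
 ip access-group SSH in
!
interface Management 12/0
!
"""

def stanzas(config):
    """Map each top-level line to the list of indented lines beneath it."""
    out, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if line[0].isspace():
            if current is not None:
                out[current].append(line.strip())
        else:
            current = line.strip()
            out[current] = []
    return out

def audit(config, acl="SSH"):
    """Return findings for places where the ACL from the article is not in force."""
    cfg, findings = stanzas(config), []
    rules = cfg.get(f"ip access-list extended {acl}", [])
    # Without a catch-all drop for TCP/22, seq 30 would permit SSH from anywhere.
    if not any(re.match(r"seq \d+ (hard-drop|deny) tcp any any eq 22\b", r) for r in rules):
        findings.append(f"ACL {acl}: no catch-all drop for tcp/22")
    for head, body in cfg.items():
        if head.startswith("rbridge-id ") and f"ip receive access-group {acl} in" not in body:
            findings.append(f"{head}: receive ACL missing (default-vrf not covered)")
        if head.startswith("interface Management ") and f"ip access-group {acl} in" not in body:
            findings.append(f"{head}: ACL missing (management VRF not covered)")
    return findings
```

Running `audit()` over a saved configuration from each node in the fabric returns an empty list only when Steps 2 and 3 have both been applied everywhere.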