How do you restrict SSH access to VDX on all VEs?

Question
To restrict SSH access on a VDX, we would normally need to apply an access list on every VE interface. However, we can achieve the same result by applying a single receive ACL on the control plane of the device.
Answer
Step 1: Configure an access list that permits only the hosts that should have access to the device. In this example, only SSH connections coming from 1.1.1.1 are permitted.

ip access-list extended SSH
seq 10 permit tcp host 1.1.1.1 any eq 22
seq 20 hard-drop tcp any any eq 22 count
seq 30 permit ip any any


Step 2: Apply the access list on the control plane of the device so that it affects all the VE interfaces.

LAB(config)# rb 11
LAB(config-rbridge-id-11)# ip receive access-group SSH in
LAB(config-rbridge-id-11)#


NOTE: This receive ACL only works for the default-vrf and not for the Management VRF. To restrict SSH access on the Management interface, the same ACL must also be applied on the Management interface.

Step 3: Apply the same ACL to the Management interface.

LAB(config)# interface Management 11/0
LAB(config-Management-11/0)# ip access-group SSH in
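
The rules from Step 1 are evaluated in sequence order, and the first rule that matches decides what happens to the packet. The following Python script is an added example, not part of the original article: it parses those three rules and evaluates constructed packets against them. The destination address 10.0.0.1 and the function names are assumptions, and only the `host`, `any` and `eq` forms used in Step 1 are handled.

```python
import ipaddress

# The three rules from Step 1, copied from the article.
ACL_TEXT = """\
seq 10 permit tcp host 1.1.1.1 any eq 22
seq 20 hard-drop tcp any any eq 22 count
seq 30 permit ip any any
"""

def _take_addr(tokens):
    """Consume 'any' or 'host A.B.C.D'; None means any address."""
    word = tokens.pop(0)
    if word == "any":
        return None
    if word == "host":
        return ipaddress.ip_address(tokens.pop(0))
    raise ValueError(f"unsupported address form: {word}")

def parse_acl(text):
    """Return rules as (seq, action, proto, src, dst, dport), sorted by seq."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0] != "seq":
            raise ValueError(f"expected a 'seq' rule: {line}")
        seq, action, proto, rest = int(tokens[1]), tokens[2], tokens[3], tokens[4:]
        src, dst = _take_addr(rest), _take_addr(rest)
        # Trailing keywords such as 'count' do not affect matching.
        dport = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((seq, action, proto, src, dst, dport))
    return sorted(rules, key=lambda r: r[0])

def evaluate(rules, proto, src, dst, dport=None):
    """Return (seq, action) of the first matching rule, or None if none match."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for seq, action, r_proto, r_src, r_dst, r_dport in rules:
        if r_proto not in ("ip", proto):      # 'ip' matches every protocol
            continue
        if r_src is not None and r_src != src:
            continue
        if r_dst is not None and r_dst != dst:
            continue
        if r_dport is not None and r_dport != dport:
            continue
        return seq, action
    return None

if __name__ == "__main__":
    rules = parse_acl(ACL_TEXT)
    # Constructed packets; 10.0.0.1 stands in for a VE address on the switch.
    for pkt in [("tcp", "1.1.1.1", "10.0.0.1", 22), ("tcp", "2.2.2.2", "10.0.0.1", 22),
                ("tcp", "2.2.2.2", "10.0.0.1", 443), ("udp", "2.2.2.2", "10.0.0.1", 161)]:
        print(pkt, "->", evaluate(rules, *pkt))
```

Running it shows that only 1.1.1.1 reaches port 22, every other SSH attempt stops at seq 20, and all non-SSH traffic falls through to seq 30.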