
CoPP ACL for SSH Subnet Filter

Hello everyone.

I'm new to NX-OS and there are a couple of differences in order to filter management traffic.

Has anyone already filtered SSH inbound access based on source IP subnet?

I don't want to tweak any other CoPP parameters, just inbound SSH sessions.

Thanks,

Caio Bomani

Accepted Solutions
Re: CoPP ACL for SSH Subnet Filter

If you're talking about access-control policy, NX-OS works just like IOS.

*
ip access-list MGMT_ACCESS
  statistics per-entry
  permit tcp 1.1.1.0/24 any eq 22
  permit ip 2.3.4.5/32 any

line vty
  ip access-class MGMT_ACCESS in
*

If you're talking about QoS filtering SSH to protect your control-plane, that's more complicated, with different answers for 5K/7K vs the 9Ks.
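An offline check of what the MGMT_ACCESS entries above admit, added here as an example and not part of the original thread: it models first-match evaluation with the implicit deny at the end of the list, and flags permit entries broader than TCP/22. The function names and the test source addresses are assumptions made for illustration, and the parser only handles the entry form shown in the answer.

```python
import ipaddress

# ACL entries copied from the answer above; test addresses are constructed.
ACL_TEXT = """\
ip access-list MGMT_ACCESS
  statistics per-entry
  permit tcp 1.1.1.0/24 any eq 22
  permit ip 2.3.4.5/32 any
"""

def parse_acl(text):
    """Parse 'permit|deny <proto> <src> any [eq <port>]' entries (the form used above)."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0] not in ("permit", "deny"):
            continue  # skip the ACL name and 'statistics per-entry'
        src = "0.0.0.0/0" if tok[2] == "any" else tok[2]
        port = int(tok[5]) if len(tok) >= 6 and tok[4] == "eq" else None
        rules.append({"action": tok[0], "proto": tok[1], "dport": port,
                      "src": ipaddress.ip_network(src), "text": line.strip()})
    return rules

def evaluate(rules, proto, src, dport):
    """Return (action, matching entry); first match wins, no match is the implicit deny."""
    addr = ipaddress.ip_address(src)
    for r in rules:
        if r["proto"] not in ("ip", proto):
            continue
        if addr not in r["src"]:
            continue
        if r["dport"] is not None and r["dport"] != dport:
            continue
        return r["action"], r["text"]
    return "deny", "implicit deny"

def broad_permits(rules, port=22):
    """Permit entries that admit more than TCP to the given destination port."""
    return [r["text"] for r in rules if r["action"] == "permit"
            and not (r["proto"] == "tcp" and r["dport"] == port)]

RULES = parse_acl(ACL_TEXT)

if __name__ == "__main__":
    for src in ("1.1.1.77", "2.3.4.5", "10.9.9.9"):  # constructed test sources
        print(src, evaluate(RULES, "tcp", src, 22))
    print("broader than tcp/22:", broad_permits(RULES))
```

The second entry is reported by `broad_permits` because `permit ip` matches every protocol and port from 2.3.4.5, not only SSH.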

 

Re: CoPP ACL for SSH Subnet Filter

Indeed that did the trick.

 

Thanks.
