Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
981
Views
0
Helpful
2
Replies

CoPP ACL for SSH Subnet Filter

Go to solution
caiobomani
Level 1
Level 1

‎08-27-2019 10:23 AM

Hello everyone.

 

I'm new to NX-OS and there are a couple differences in order to filter management traffic.

 

Has anyone already filtered ssh inbound access based on source IP subnet?

 

I dont want to tweak any other CoPP parameters, just inbound ssh sessions.

 

Thanks,

 

Caio Bomani

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
bobbycornetto
Level 1
Level 1

‎08-29-2019 12:38 PM

If you're talking about access-control policy, NX-OS works just like IOS. 

 

*

ip access-list MGMT_ACCESS

statistics per-entry

permit tcp 1.1.1.0/24 any eq 22

permit ip 2.3.4.5/32 any

 

line vty

ip access-class MGMT_ACCESS in

*

 

If you're talking about QoS filtering SSH to protect your control-plane, that's more complicated, with different answers for 5K/7K vs the 9Ks.

 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
bobbycornetto
Level 1
Level 1

‎08-29-2019 12:38 PM

If you're talking about access-control policy, NX-OS works just like IOS. 

 

*

ip access-list MGMT_ACCESS

statistics per-entry

permit tcp 1.1.1.0/24 any eq 22

permit ip 2.3.4.5/32 any

 

line vty

ip access-class MGMT_ACCESS in

*

 

If you're talking about QoS filtering SSH to protect your control-plane, that's more complicated, with different answers for 5K/7K vs the 9Ks.

 

0 Helpful

Go to solution
caiobomani
Level 1
Level 1
In response to bobbycornetto

‎09-02-2019 05:46 AM

Indeed that did the trick.

 

Thanks.

0 Helpful
Customers Also Viewed These Support Documents