08-27-2019 10:23 AM
Hello everyone.
I'm new to NX-OS and there are a couple of differences in order to filter management traffic.
Has anyone already filtered ssh inbound access based on source IP subnet?
I don't want to tweak any other CoPP parameters, just inbound ssh sessions.
Thanks,
Caio Bomani
08-29-2019 12:38 PM
If you're talking about access-control policy, NX-OS works just like IOS.
    ip access-list MGMT_ACCESS
      statistics per-entry
      permit tcp 1.1.1.0/24 any eq 22
      permit ip 2.3.4.5/32 any
    line vty
      ip access-class MGMT_ACCESS in
If you're talking about QoS filtering SSH to protect your control-plane, that's more complicated, with different answers for 5K/7K vs the 9Ks.
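An offline check of which source addresses the configuration above lets reach SSH on the vty lines, added here as an example and not part of the original reply. It models only the entry forms shown in the post, with first-match evaluation and the implicit deny at the end of the list; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the ACL and vty binding quoted in the reply above.
CONFIG = """\
ip access-list MGMT_ACCESS
  statistics per-entry
  permit tcp 1.1.1.0/24 any eq 22
  permit ip 2.3.4.5/32 any
line vty
  ip access-class MGMT_ACCESS in
"""

# Only the two entry forms used on this page: "<action> ip|tcp <prefix> any [eq <port>]".
ENTRY = re.compile(r"^(permit|deny)\s+(ip|tcp)\s+(\S+)\s+any(?:\s+eq\s+(\d+))?$")


def parse(config):
    """Return ({acl_name: [(action, proto, network, port)]}, inbound vty ACL name)."""
    acls, vty_acl, section = {}, None, ""
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):            # unindented line opens a new section
            section = line
            if line.startswith("ip access-list "):
                acls[line.split()[2]] = []
            continue
        m = ENTRY.match(line)
        if section.startswith("ip access-list ") and m:
            action, proto, src, port = m.groups()
            net = ipaddress.ip_network(src)
            acls[section.split()[2]].append((action, proto, net, int(port) if port else None))
        elif section == "line vty" and line.startswith("ip access-class ") and line.endswith(" in"):
            vty_acl = line.split()[2]
    return acls, vty_acl


def ssh_allowed(config, source_ip, port=22):
    """First matching entry wins; no match falls through to the implicit deny."""
    acls, vty_acl = parse(config)
    if vty_acl is None:
        return True                            # no access-class bound: vty is unfiltered
    src = ipaddress.ip_address(source_ip)
    for action, proto, net, eq in acls.get(vty_acl, []):  # assumption: undefined ACL = deny
        if src in net and (proto == "ip" or eq in (None, port)):
            return action == "permit"
    return False
```

Running `ssh_allowed` with the address of the current management session before applying the `ip access-class` line shows whether that session's source would fall through to the implicit deny.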
09-02-2019 05:46 AM
Indeed that did the trick.
Thanks.