Enable ssh on cisco nexus 5k Switch for a public ip addresses

starsulaiman
Level 1

Hello All,

I have been asked to enable SSH on a Cisco Nexus 5k for specific public IP addresses.

I have never done that before. Can someone provide me with the configuration, please?

I have the config below; will this be correct?

crypto key generate rsa usage-keys label ssh-key modulus 2048
!
feature ssh
!
interface g0
ip address 1.1.1.1 255.255.255.22
!
ssh version 2
ssh key rsa ssh-key
!
line ssh
exec-timeout 5 0
login local
!
username admin privilege 15 secret Admin123
enable secret Admin123
!
line vty 0 15
transport input ssh
!
write memory
!
show ssh
!
show ssh sessions
!

Do I need to create an ACL for it? If yes, which interface should it be applied to?

Can I have an example, please?

Many thanks.

5 Replies

balaji.bandi
Hall of Fame

If you are looking for an external IP address to access this device over SSH, make sure the public IP is able to reach the device IP (that is 1.1.1.1; I am sure this is an example IP, not the original one, I guess?)

Below is an example for SSH to the device:

ip access-list extended SSH_ACL
permit ip any host x.x.x.x (x.x.x.x is the public IP address)
permit ip any x.x.x.x/24 (your network LAN)
!
line vty 0 15
access-class SSH_ACL in
transport input ssh

The above config should work. Make sure you also allow the internal subnet (if not, you will only be able to log in using the public IP).

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hello Balaji,

Thank you for the quick response.

A question, please: is the below my user LAN network or my switch mgmt subnet network?

permit ip any x.x.x.x/24 (your network LAN)

Your LAN IP address range: the subnet from which you are looking to access the switch using SSH.

permit ip x.x.x.x/24 any

BB


M02@rt37
VIP

Hello @starsulaiman,

You have to enable SSH on a Cisco Nexus 5000 Series switch and you should restrict access to specific public IP addresses.

# Restrict SSH to specific IP addresses using an ACL
ip access-list ssh-acl
10 permit ip x.x.x.x/yy any
20 permit ip x.x.x.x/yy any
30 deny ip any any

# Apply the ACL to the VTY lines
line vty 0 15
login local
transport input ssh
access-class ssh-acl in

-------

I added an example ACL to restrict SSH access to specific IP (source) addresses. Adjust the ACL entries based on your requirements. Apply this ACL to the VTY lines to restrict SSH access based on the ACL.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

1- Don't use an extended ACL; use a standard ACL.

2- The standard ACL IP is the IP from which you can access.

3- You need

login local

or

password xxxx

login

to make the VTY accept SSH.

MHM
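
The replies above restrict SSH by binding an ACL to the VTY lines, so the following is an added example (not code from any poster or from Cisco) that audits a saved config for the mistakes that leave that restriction ineffective: no inbound access-class, a reference to an undefined ACL, a permit entry whose source is `any`, or a transport other than SSH. The function names, the sample config and its 203.0.113.10 address are constructed for illustration, and only the `permit <protocol> <source> ...` entries and `access-class NAME in` form shown in this thread are recognized.

```python
import re

# "[seq] permit|deny <protocol> <source> ...", the entry form used in this thread.
ENTRY = re.compile(r"^(?:\d+\s+)?(permit|deny)\s+\S+\s+(\S+)")

def parse(config):
    acls, vtys, cur = {}, [], None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("ip access-list "):
            cur = acls.setdefault(line.split()[-1], [])  # ACL name is the last token
        elif line.startswith("line vty"):
            cur = {"acl": None, "transport": None}
            vtys.append(cur)
        elif line.startswith(("line ", "interface ")):
            cur = None  # some other section: ignore its lines
        elif isinstance(cur, list) and (m := ENTRY.match(line)):
            cur.append(m.groups())  # (action, first source token)
        elif isinstance(cur, dict) and re.match(r"access-class \S+ in$", line):
            cur["acl"] = line.split()[1]
        elif isinstance(cur, dict) and line.startswith("transport input "):
            cur["transport"] = line.split()[2:]
    return acls, vtys

def audit_vty(config):
    """Return findings that leave SSH on the VTY lines open to any source."""
    acls, vtys = parse(config)
    findings = [] if vtys else ["no 'line vty' section found"]
    for v in vtys:
        if v["transport"] != ["ssh"]:
            findings.append("vty: transport input is not restricted to ssh")
        if v["acl"] is None:
            findings.append("vty: no inbound access-class applied")
        elif v["acl"] not in acls:
            findings.append(f"vty: access-class {v['acl']} is not defined")
        else:
            n = acls[v["acl"]].count(("permit", "any"))  # source left wide open
            findings += [f"{v['acl']}: permit entry matches any source"] * n
    return findings

# Constructed sample config (documentation address range, not from the thread).
SAMPLE = """ip access-list ssh-acl
 10 permit ip 203.0.113.10/32 any
 20 deny ip any any
ip access-list extended SSH_ACL
 permit ip any host 203.0.113.10
line vty 0 15
 transport input ssh
 access-class ssh-acl in
"""
```

Calling `audit_vty(SAMPLE)` returns an empty list; pointing the VTY lines at `SSH_ACL` instead yields a finding, because that entry's source field is `any`.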