Beginner

ASR - Restrict SSH access to management-interface (gi0)

Hello,

I have an ASR router with multiple IP interfaces. Is there any way to restrict SSH access to the management interface only (gigabit 0)? As of now the router is reachable via any of the IP interfaces. I know I can create access-lists and apply them to the interfaces, however there's a limitation in which the destination address in the ACL is not checked, therefore I'd be denying any SSH traffic ingress.

Thanks,

3 REPLIES
Hall of Fame Master

Re: ASR - Restrict SSH access to management-interface (gi0)

I believe that you are talking about trying to use access-class on the vty with an extended access list. And it is true that using an extended access list that way does not check the destination address. I believe that there is a solution for your requirement using control plane policing, which I assume is supported on your platform. Here is a discussion about that which I hope you will find helpful:

https://community.cisco.com/t5/switching/restrict-ssh-and-telent-to-single-svi/td-p/2465495

HTH

Rick

Beginner

Re: ASR - Restrict SSH access to management-interface (gi0)

Unable to assign a service-policy to the control plane, and unable to set the control-plane management-interface to the Gigabit0 interface.

Hall of Fame Master

Re: ASR - Restrict SSH access to management-interface (gi0)

When I found that discussion I hoped that it would be the solution for your requirements. Sorry that it does not work on your ASR. But the more I look at the documentation for control plane policing the less confident I am that it was the optimum solution. Perhaps what we are looking for is the management plane protection. I hope this link will provide helpful information about this:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_plcshp/configuration/xe-16/qos-plcshp-xe-16-book/qos-plcshp-mgt-pln-prt.html#task_1056386

HTH

Rick
