Cisco 3850 Default CPP

YusifAlexis22
Level 1

I am trying to implement a Control Plane Policy to my 3850 switch. Within this policy I want to restrict SSH access to the switch to only the loopback IP. I found documentation that the default CPP can't be removed. However, is it also not editable? I tried adding my configuration to the existing policy-map and ensured that my policy was at the top of the policy-map, but the traffic isn't being policed. 

 

Configuration:

ip access-list extended Restrict_SSH
 deny tcp any host 1.1.1.1 eq 22
 permit tcp any any eq 22
 deny ip any any
!
class-map match-all SSH
 match access-group name Restrict_SSH
!
policy-map system-cpp-policy
 sequence-interval 10
 5 class SSH
  drop
!
control-plane
 service-policy input system-cpp-policy

1 Reply 1

marce1000
Hall of Fame

 

 - Check if this thread can help you:

   https://community.cisco.com/t5/network-management/restricting-telnet-ssh-access-to-loopback-address/td-p/1306161

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '