cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

218
Views
0
Helpful
1
Replies
Beginner

Restricting SSH access in XR IOS

I want to limit SSH access to a Cisco ASR 9k switch running IOS XR Software, Version 6.2.3

 

From this document https://tools.cisco.com/security/center/resources/increase_security_ios_xr_devices.html#18 ..I tried to limit the ability to SSH to the management IP of the switch. But after removing allow ssh management-plane/out-of-band/vrf management and replacing it with allow SSH peer/address ipv4 10.3.7.27 - I am still able to ssh from any random internal IP address. Is there more that needs to be configured to limit ssh access to the OOB management?

 

control-plane
management-plane
out-of-band
vrf management
interface all
allow SSH peer
address ipv4 10.3.7.27

 

ipv4 virtual address vrf management 172.17.17.7/24

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Beginner

Re: Restricting SSH access in XR IOS

I found the answer to this was to replace the interface all with interface mgmt.. - and apply the allow SSH peer address statements to belong to it (two actually).
1 REPLY 1
Highlighted
Beginner

Re: Restricting SSH access in XR IOS

I found the answer to this was to replace the interface all with interface mgmt.. - and apply the allow SSH peer address statements to belong to it (two actually).
CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards