Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2031
Views
0
Helpful
1
Replies

Restricting SSH access in XR IOS

Go to solution
Michael Medwid
Level 1
Level 1

‎03-09-2019 11:30 AM

I want to limit SSH access to a Cisco ASR 9k switch running IOS XR Software, Version 6.2.3

 

From this document https://tools.cisco.com/security/center/resources/increase_security_ios_xr_devices.html#18 ..I tried to limit the ability to SSH to the management IP of the switch. But after removing allow ssh management-plane/out-of-band/vrf management and replacing it with allow SSH peer/address ipv4 10.3.7.27 - I am still able to ssh from any random internal IP address. Is there more that needs to be configured to limit ssh access to the OOB management?

 

control-plane
management-plane
out-of-band
vrf management
interface all
allow SSH peer
address ipv4 10.3.7.27

 

ipv4 virtual address vrf management 172.17.17.7/24

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Michael Medwid
Level 1
Level 1

‎03-10-2019 12:05 AM

I found the answer to this was to replace the interface all with interface mgmt.. - and apply the allow SSH peer address statements to belong to it (two actually).

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Michael Medwid
Level 1
Level 1

‎03-10-2019 12:05 AM

I found the answer to this was to replace the interface all with interface mgmt.. - and apply the allow SSH peer address statements to belong to it (two actually).
0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card