07-20-2010 08:47 AM - edited 02-21-2020 04:01 AM
Hello all.
I have created a management vlan on my 4506. There are also other SVIs for other VLANs. I understand configuring access-lists for the management vlan as well as for all vty lines limiting to an IT VLAN for example. How can I remove telnet or SSH access from the other SVIs?
I have found documentation on best practices for the management vlan but can't find anything on disabling telnet and ssh from the other vlan interfaces.
I imagine an access list just blocking the ports? What would you suggest?
Thanks in advance.
07-21-2010 10:45 AM
I believe ACLs on the SVIs are your only choice to limit the subnets that can SSH or telnet to your VLAN SVIs.
I hope it helps.
PK
07-28-2010 11:38 PM
Hi,
If you have decided the source IP from which telnet or SSH is allowed, you can use an access-class configuration with an ACL applied on the line vty, which will only permit the particular host to telnet or SSH into the device.
Following is an example for access-class; hope it helps!
The following example defines an access list that permits only hosts on network 192.89.55.0 to connect to the virtual terminal ports on the router:
access-list 12 permit 192.89.55.0 0.0.0.255
line 1 5
access-class 12 in
Hope to Help !!
Ganesh.H
Remember to rate the helpful post
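An access-class only restricts the vty lines it is configured under, so a saved configuration is worth checking for vty ranges that were left without one. The following is an added example, not part of the thread: a Python check over a constructed sample configuration, where the function names and the sample addresses are assumptions.

```python
import re

# Constructed sample running-config fragment (not taken from the thread).
SAMPLE_CONFIG = """\
access-list 12 permit 192.89.55.0 0.0.0.255
!
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
!
line con 0
line vty 0 4
 access-class 12 in
 transport input ssh
line vty 5 15
 transport input ssh
!
"""

def defined_acls(config):
    """ACL names/numbers defined with numbered or named syntax."""
    acls = set(re.findall(r"^access-list (\S+) ", config, re.M))
    acls |= set(re.findall(r"^ip access-list (?:standard|extended) (\S+)", config, re.M))
    return acls

def audit_vty(config):
    """Return (vty_range, problem) for each vty block without a usable inbound access-class."""
    acls = defined_acls(config)
    findings, current, acl_in = [], None, None

    def close():
        # Evaluate the vty block that just ended, if there was one.
        if current is None:
            return
        if acl_in is None:
            findings.append((current, "no inbound access-class"))
        elif acl_in not in acls:
            findings.append((current, f"access-class {acl_in} is not defined"))

    for line in config.splitlines():
        if not line.startswith(" "):  # an unindented line ends the current block
            close()
            m = re.match(r"line vty (\d+)(?: (\d+))?", line)
            current = (int(m[1]), int(m[2] or m[1])) if m else None
            acl_in = None
        elif current is not None:
            m = re.match(r"\s+access-class (\S+) in\b", line)
            if m:
                acl_in = m[1]
    close()  # the last block may run to the end of the file
    return findings
```

On the sample, vty 0 4 passes and vty 5 15 is reported, which is the usual gap when only the first five lines are configured.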