cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
819
Views
0
Helpful
1
Replies
Highlighted
Beginner

Nexus 1110 - How to restrict VTY access ?

Hi,

I am trying to lock down a Nexus 1110 to only allow specific hosts access via VTY.

I have created the access-list, however there does not appear to be an option to apply the list to the VTY lines.

Here is what I mean:

IP access list SNMP_RO/SSH

        10 permit ip x.x.x.x/32 y.y.y.y/32

<SNIP>

HOST1(config)#line vty

HOST1(config-line)# ?
  exec-timeout   Configure exec timeout
  no             Negate a command or set its defaults
  session-limit  Set the max no of concurrent vsh sessions
  end            Go to exec mode
  exit           Exit from command interpreter
  pop            Pop mode from stack or restore from name
  push           Push current mode to stack or save it under name
  where          Shows the cli context you are in

HOST1(config-line)#

I am guessing that class-maps might be the way forward, but want to understand if there are other options?

                  

Software

  loader:    version unavailable [last: loader version not available]

  kickstart: version 4.2(1)SP1(5.1a)

  system:    version 4.2(1)SP1(5.1a)

  kickstart image file is: bootflash:/nexus-1010-kickstart-mz.4.2.1.SP1.5.1a.bin

  kickstart compile time:  10/25/2012 11:00:00 [10/25/2012 21:52:53]

  system image file is:    bootflash:/nexus-1010-mz.4.2.1.SP1.5.1a.binSoftware
  loader:    version unavailable [last: loader version not available]
  kickstart: version 4.2(1)SP1(5.1a)
  system:    version 4.2(1)SP1(5.1a)
  kickstart image file is: bootflash:/nexus-1010-kickstart-mz.4.2.1.SP1.5.1a.bin
  kickstart compile time:  10/25/2012 11:00:00 [10/25/2012 21:52:53]
  system image file is:    bootflash:/nexus-1010-mz.4.2.1.SP1.5.1a.bin

Everyone's tags (5)
1 REPLY 1
Cisco Employee

Nexus 1110 - How to restrict VTY access ?

Hello,

You can apply the access group to mgmt0 interface. Keep in mind that the ACL needs to keep open:

-TCP 80/443 for vCenter

-UDP 4785 for SVS L3 mode

-ICMP, etc.

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards