Nexus 1110 - How to restrict VTY access?

gridnutter
Level 1

Hi,

I am trying to lock down a Nexus 1110 to only allow specific hosts access via VTY.

I have created the access-list; however, there does not appear to be an option to apply the list to the VTY lines.

Here is what I mean:

IP access list SNMP_RO/SSH

        10 permit ip x.x.x.x/32 y.y.y.y/32

<SNIP>

HOST1(config)#line vty

HOST1(config-line)# ?
  exec-timeout   Configure exec timeout
  no             Negate a command or set its defaults
  session-limit  Set the max no of concurrent vsh sessions
  end            Go to exec mode
  exit           Exit from command interpreter
  pop            Pop mode from stack or restore from name
  push           Push current mode to stack or save it under name
  where          Shows the cli context you are in

HOST1(config-line)#

I am guessing that class-maps might be the way forward, but want to understand if there are other options?


Software

  loader:    version unavailable [last: loader version not available]

  kickstart: version 4.2(1)SP1(5.1a)

  system:    version 4.2(1)SP1(5.1a)

  kickstart image file is: bootflash:/nexus-1010-kickstart-mz.4.2.1.SP1.5.1a.bin

  kickstart compile time:  10/25/2012 11:00:00 [10/25/2012 21:52:53]

  system image file is:    bootflash:/nexus-1010-mz.4.2.1.SP1.5.1a.bin

1 Reply

mwronkow
Cisco Employee

Hello,

You can apply the access group to the mgmt0 interface. Keep in mind that the ACL needs to keep open:

-TCP 80/443 for vCenter

-UDP 4785 for SVS L3 mode

-ICMP, etc.
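
The approach from the reply above, written out as an added configuration example that is not part of the original thread and is not Cisco's own configuration. The ACL name MGMT0-IN, all addresses (RFC 5737 documentation ranges) and the direction of each vCenter entry are assumptions.

```cisco
! Added example with constructed values:
!   192.0.2.10, 192.0.2.11  admin hosts allowed to reach SSH
!   192.0.2.50              vCenter
!   198.51.100.0/24         VEM hosts (SVS L3 mode)
!   203.0.113.5             this device's mgmt0 address
! MGMT0-IN is a hypothetical ACL name.
ip access-list MGMT0-IN
  10 remark SSH to the device from the admin hosts only
  20 permit tcp 192.0.2.10/32 203.0.113.5/32 eq 22
  30 permit tcp 192.0.2.11/32 203.0.113.5/32 eq 22
  40 remark vCenter TCP 80/443, assumption: permit both directions of the session
  50 permit tcp 192.0.2.50/32 203.0.113.5/32 eq 80
  60 permit tcp 192.0.2.50/32 203.0.113.5/32 eq 443
  70 permit tcp 192.0.2.50/32 eq 80 203.0.113.5/32
  80 permit tcp 192.0.2.50/32 eq 443 203.0.113.5/32
  90 remark SVS L3 mode control traffic from the VEM hosts
  100 permit udp 198.51.100.0/24 203.0.113.5/32 eq 4785
  110 remark ICMP for reachability tests
  120 permit icmp any 203.0.113.5/32
  130 remark Everything else, including SSH from any other host, is dropped
  140 deny ip any any
!
interface mgmt0
  ip access-group MGMT0-IN in
```

The ACL is a stateless filter, so any other service the device uses over mgmt0 needs its own permit entry ahead of the final deny. Apply it with a console session open so a missing entry does not cut off management access.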