Hi,
I am trying to lock down a Nexus 1110 to only allow specific hosts access via VTY.
I have created the access-list, however there does not appear to be an option to apply the list to the VTY lines.
Here is what I mean:
IP access list SNMP_RO/SSH
10 permit ip x.x.x.x/32 y.y.y.y/32
<SNIP>
HOST1(config)#line vty
HOST1(config-line)# ?
exec-timeout Configure exec timeout
no Negate a command or set its defaults
session-limit Set the max no of concurrent vsh sessions
end Go to exec mode
exit Exit from command interpreter
pop Pop mode from stack or restore from name
push Push current mode to stack or save it under name
where Shows the cli context you are in
HOST1(config-line)#
I am guessing that class-maps might be the way forward, but want to understand if there are other options?
Software
loader: version unavailable [last: loader version not available]
kickstart: version 4.2(1)SP1(5.1a)
system: version 4.2(1)SP1(5.1a)
kickstart image file is: bootflash:/nexus-1010-kickstart-mz.4.2.1.SP1.5.1a.bin
kickstart compile time: 10/25/2012 11:00:00 [10/25/2012 21:52:53]
system image file is: bootflash:/nexus-1010-mz.4.2.1.SP1.5.1a.binSoftware
loader: version unavailable [last: loader version not available]
kickstart: version 4.2(1)SP1(5.1a)
system: version 4.2(1)SP1(5.1a)
kickstart image file is: bootflash:/nexus-1010-kickstart-mz.4.2.1.SP1.5.1a.bin
kickstart compile time: 10/25/2012 11:00:00 [10/25/2012 21:52:53]
system image file is: bootflash:/nexus-1010-mz.4.2.1.SP1.5.1a.bin