09-03-2019 06:52 AM
I've not had much experience with access lists, and from what I've researched you can screw things up rapidly if not done correctly. Which is why I'm here.
I've been charged with creating an access list to deny SSL to management ports for everything except a small list of IPs.
An example would be great, but any help with links to the proper documentation would be awesome as well.
Thanks in advance for the help.
09-03-2019 07:03 AM - edited 09-03-2019 07:06 AM
Hi there,
What you need is an ACL applied to your VTY lines, which permits traffic only from hosts in your management subnet. Something like:
!
! <netmask> here is an inverse (wildcard) mask, e.g. 0.0.0.255 for a /24
access-list 10 permit <mgmt_subnet_id> <netmask>
!
line vty 0 15
 access-class 10 in
 transport input ssh
 transport output ssh
!
cheers,
Seb.
09-03-2019 10:30 AM
By SSL do you mean you have the http server enabled on the router and you want to limit access via http? If so, you will need ip http access-class <access-list-number>
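Combining Seb's VTY access-class with the ip http access-class command from this reply, as a constructed example that is not from either poster; the management subnet 10.1.100.0/24 and the jump host 192.0.2.10 are assumed placeholders to be replaced with your own:

```cisco
! Constructed example: one standard ACL reused for both SSH (VTY) and HTTPS
! management access. Standard ACLs take a wildcard mask, not a subnet mask.
access-list 10 remark Hosts allowed to reach SSH/HTTPS on this device
access-list 10 permit 10.1.100.0 0.0.0.255
access-list 10 permit host 192.0.2.10
! Explicit deny with log so blocked attempts show up in syslog
access-list 10 deny any log
!
line vty 0 15
 access-class 10 in
 transport input ssh
 exec-timeout 10 0
!
! Web management (the "SSL" case): HTTPS only, same source restriction
no ip http server
ip http secure-server
ip http access-class 10
```

Verify with show access-lists 10 (the hit counters) and test from a permitted and a non-permitted host before closing your current session. access-class only filters logins to the VTY lines and the HTTP server; it does not filter transit traffic through the router.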