Access list to limit SSL to management Interfaces

swinney23 (Level 1)

I've not had much experience with access lists, and from what I've researched you can screw things up rapidly if not done correctly, which is why I'm here.

I've been charged with creating an access list to deny SSL to management ports for everything except a small list of IPs.

An example would be great, but any help with links to the proper documentation would be awesome as well.

Thanks in advance for the help.

2 Replies

Seb Rupik (VIP Alumni)

Hi there,

What you need is an ACL applied to your VTY lines, which permits traffic only from hosts in your management subnet. Something like:

!
! Standard ACL: permit only the management subnet. A standard numbered ACL
! takes a wildcard mask (0 bits must match), not a subnet mask. Every source
! that does not match is dropped by the implicit deny at the end of the list.
access-list 10 permit <mgmt_subnet> <wildcard_mask>
!
! Apply it inbound on every VTY line and allow only SSH as the transport.
line vty 0 15
  access-class 10 in
  transport input ssh
  transport output ssh
!

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_acl/configuration/12-4t/sec-data-acl-12-4t-book/sec-cntrl-acc-vtl.html#GUID-FB4108B9-4435-43D2-83FC-9E9FB75F079F


cheers,

Seb.

user1024 (Level 1)

By SSL do you mean you have the http server enabled on the router and you want to limit access via http? If so, you will need ip http access-class <access-list-number>
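The two replies above describe the same control from different angles: an inbound access-class on the VTY lines (Seb's reply) and `ip http access-class` if the router's HTTP server is on (user1024's reply). What a practitioner wants before pushing either to a live device is a dry run: does every VTY line actually carry the access-class, and which source addresses will the standard ACL permit once the implicit deny is taken into account? The script below is an added example written for this thread, not code from the original posts or from Cisco. It parses a constructed, hypothetical running-config fragment (addresses 10.20.30.0/24 and 192.0.2.7 are made up), evaluates the standard ACL with IOS wildcard-mask semantics, and flags VTY blocks that lack an inbound access-class or an SSH-only transport. It also shows why typing a subnet mask where a wildcard mask belongs does not do what you expect.

```python
"""Offline audit of an IOS-style VTY access-class configuration.

Added example for this thread, not part of the original replies or of any
Cisco tooling. The config fragment and all addresses are constructed.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Constructed sample running-config fragment (hypothetical addresses).
# Note that "line vty 5 15" has no access-class: a common real-world gap.
SAMPLE_CONFIG = """\
!
access-list 10 permit 10.20.30.0 0.0.0.255
access-list 10 permit host 192.0.2.7
!
ip http server
ip http access-class 10
!
line vty 0 4
 access-class 10 in
 transport input ssh
line vty 5 15
 transport input ssh
!
"""


def _ip(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


@dataclass
class AclEntry:
    action: str    # "permit" or "deny"
    network: int   # address bits from the ACL line
    wildcard: int  # IOS wildcard mask: 1 bits are "don't care", 0 bits must match

    def matches(self, addr: int) -> bool:
        care = ~self.wildcard & 0xFFFFFFFF
        return (addr & care) == (self.network & care)


def parse_standard_acl(config: str, number: int) -> list[AclEntry]:
    """Collect the entries of standard numbered ACL `number`, in order."""
    entries: list[AclEntry] = []
    pat = re.compile(rf"^access-list {number} (permit|deny) (\S+)(?: (\S+))?$")
    for line in config.splitlines():
        m = pat.match(line.strip())
        if not m:
            continue
        action, first, second = m.groups()
        if first == "host":                      # "host A.B.C.D" = wildcard 0.0.0.0
            entries.append(AclEntry(action, _ip(second), 0))
        elif first == "any":                     # "any" = wildcard 255.255.255.255
            entries.append(AclEntry(action, 0, 0xFFFFFFFF))
        else:                                    # "A.B.C.D [wildcard]", default 0.0.0.0
            entries.append(AclEntry(action, _ip(first), _ip(second) if second else 0))
    return entries


def acl_permits(entries: list[AclEntry], src: str) -> bool:
    """First-match evaluation; no match means the implicit deny applies."""
    addr = _ip(src)
    for entry in entries:
        if entry.matches(addr):
            return entry.action == "permit"
    return False


def wildcard_from_netmask(netmask: str) -> str:
    """Convert a subnet mask to the wildcard mask a standard ACL expects."""
    return str(ipaddress.IPv4Address(_ip(netmask) ^ 0xFFFFFFFF))


def audit_vty_lines(config: str) -> dict[str, list[str]]:
    """Return {"line vty X Y": [problems]} for every VTY block in the config."""
    blocks: dict[str, list[str]] = {}
    current = None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current:    # indented sub-command of the block
            blocks[current].append(raw.strip())
        else:
            current = None                        # any top-level line ends the block
    findings = {}
    for name, cmds in blocks.items():
        problems = []
        if not any(c.startswith("access-class ") and c.endswith(" in") for c in cmds):
            problems.append("no inbound access-class")
        if not any(c.startswith("transport input ") for c in cmds):
            problems.append("transport input not restricted")
        elif "transport input ssh" not in cmds:
            problems.append("transport input allows more than ssh")
        findings[name] = problems
    return findings


def http_server_protected(config: str) -> bool | None:
    """None if the HTTP server is off; otherwise whether ip http access-class is set."""
    lines = [l.strip() for l in config.splitlines()]
    if "ip http server" not in lines and "ip http secure-server" not in lines:
        return None
    return any(l.startswith("ip http access-class ") for l in lines)


if __name__ == "__main__":
    acl = parse_standard_acl(SAMPLE_CONFIG, 10)
    for src in ("10.20.30.77", "192.0.2.7", "192.0.2.8"):
        print(f"{src:>12}: {'permit' if acl_permits(acl, src) else 'deny (implicit)'}")
    for vty, problems in audit_vty_lines(SAMPLE_CONFIG).items():
        print(vty, "->", problems or "ok")
    print("http server protected:", http_server_protected(SAMPLE_CONFIG))
    print("255.255.255.0 as a wildcard mask should be", wildcard_from_netmask("255.255.255.0"))
```

Run the script against a `show running-config` capture saved to a file (replace `SAMPLE_CONFIG` with the file's contents) before applying the ACL; the `line vty 5 15` finding is the case to look for, since a partial `line vty` range leaves the remaining sessions unprotected. The netmask check is there because `access-list 10 permit 10.20.30.0 255.255.255.0` is accepted by IOS but only pins the last octet, so it permits any address ending in `.0` rather than the intended /24.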
