03-13-2024 08:42 PM
Hi trying to add this command to an asr1k but its not taking it:
ip receive access-list xx
The command is listed in the ISO XE best practises guide, if its not supported on this platform is there a better way to restrict management access to all self IP's on the device? Currently the problem is, if a new interface is added it will be accessible via ssh unless someone specifically adds it to an acl. (VTY access class only seems to support one acl, but we use both ipv4 and ipv6 so I we cannot mix the two in one acl)
03-13-2024 09:26 PM
I tested this on a 9300 so your milage may vary but under line vty there is also 'ipv6 access-class <name> in'
03-14-2024 04:18 AM
Hello @ryancisco01 ,
the IP receive ACL is an old feature that was used before introduction of CoPP Control Plane Policing
Hope to help
Giuseppe
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide