Cisco 9200 as WAN Switch - ACL and VRF

chipobhoem (Level 1)

Quick question on the best approach to this. We use a Cisco Catalyst 9200 as a WAN switch with an internal management connection (on the MGMT port, of course, lol). We plan to use ACLs for external and internal SSH access only. Should we have two separate ACLs (one for external access and another for internal VRF access), or just use one ACL for both and include "vrf-also" on the vty SSH access-class configuration? What is everyone's school of thought? Thanks.

2 Replies

I don't think you can add more than one access-list (without it being VRF-aware) under the vty,
so you can add one ACL for users in VRF mgmt to access the switch internally:

line vty 0 4
 access-class acl-1 in vrfname mgmt

and for external access, use the ACL on the interface.
MHM

I would go with two access lists: one for the GRT and one for the VRF:

line vty 0 4
access-class acl-2 in
access-class acl-1 in vrfname mgmt


Regards, LG
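Putting the two replies together, here is an added example (not configuration from the original thread or from either reply) of what the two-ACL approach looks like as a complete vty configuration. It assumes the management VRF is named "mgmt" as in the replies, that the switch has the default 16 vty lines, and uses placeholder subnets; the ACL and VRF names are assumptions to be replaced with your own.

```text
! Added example, not from the original thread. Assumes the management VRF is
! named "mgmt" (on a Catalyst 9200 the out-of-band GigabitEthernet0/0 port is
! in Mgmt-vrf by default; substitute that name if you have not renamed it).
! 203.0.113.0/24 and 10.10.0.0/16 are placeholder source ranges.
!
! Sources allowed to SSH in over the WAN-facing side (global routing table)
ip access-list standard SSH-EXTERNAL
 permit 203.0.113.0 0.0.0.255
 deny   any log
!
! Sources allowed to SSH in over the management VRF
ip access-list standard SSH-MGMT
 permit 10.10.0.0 0.0.255.255
 deny   any log
!
ip ssh version 2
!
! Apply to every vty line, not just 0 4: a vty line with no access-class
! accepts sessions from anywhere.
line vty 0 15
 transport input ssh
 exec-timeout 10 0
 ! Global-table sessions are filtered by SSH-EXTERNAL. Per the IOS
 ! access-class documentation, without vrf-also or a matching vrfname entry
 ! this line also rejects sessions that arrive through a VRF interface.
 access-class SSH-EXTERNAL in
 ! Sessions arriving through the mgmt VRF are filtered by SSH-MGMT instead.
 access-class SSH-MGMT in vrfname mgmt
```

To verify, check that both access-class lines appear under every vty with "show running-config | section line vty", then SSH in from an allowed and a denied host on each side and confirm the hit counters with "show access-lists SSH-EXTERNAL" and "show access-lists SSH-MGMT"; the "deny any log" entries also give you a syslog record of blocked attempts. Keeping the two lists separate means an external ACL change can never accidentally widen internal management access, and vice versa, which is the practical reason to prefer this over a single list with vrf-also.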