How to configure ACL in VTY on Cisco SD-WAN in vManage

Hi all,

I want to configure an ACL for the VTY of an SD-WAN OS router.

I can create an ACL in a Localized Policy but can't find where to apply this ACL in a vManage template.

Please help me find this feature.

Thanks!

5 Replies

RohitRaj03827
Spotlight

Hi,

Apply a Localized Data Policy in a Device Template:-

  1. In vManage NMS, select the Configuration ► Templates screen.
  2. If you are creating a new device template:
    1. In the Device tab, click Create Template.
    2. From the Create Template drop-down, select From Feature Template.
    3. From the Device Model drop-down, select one of the vEdge devices.
    4. In the Template Name field, enter a name for the device template. This field is mandatory and can contain only uppercase and lowercase letters, the digits 0 through 9, hyphens (–), and underscores (_). It cannot contain spaces or any other characters.
    5. In the Description field, enter a description for the device template. This field is mandatory, and it can contain any characters and spaces.
    6. Continue with Step 4.
  3. If you are editing an existing device template:
    1. In the Device tab, click the More Actions icon to the right of the desired template, and click the pencil icon.
    2. Click the Additional Templates tab. The screen scrolls to the Additional Templates section.
    3. From the Policy drop-down, select the name of a policy that you have configured.
  4. Click the Additional Templates tab located directly beneath the Description field. The screen scrolls to the Additional Templates section.
  5. From the Policy drop-down, select the name of the policy you configured in the above procedure.
  6. Click Create (for a new template) or Update (for an existing template).

====================================

This is how you can apply a policy to vSmart by creating a device template.

====================================

Let me know if you still have an issue; I will write another post with an example with a screenshot.

====================================

Kindly hit the Helpful button and mark as solved if this post has helped you.

====================================

Regards,

Rohit Raj

Hi,

My question is how to configure an ACL on VTY, not how to configure an ACL. (The keyword is VTY.)

Of course, we can apply the ACL on an interface as a workaround, but that is not recommended.

I also opened a TAC case, and TAC confirmed there is no option for this function.

Thanks!

I want to know if you got a solution for applying an ACL on line VTY through any template.

I'm also looking for the same.

You can check this link, in the Device Access Policy section:

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/policies/ios-xe-16/policies-book-xe.pdf

With this policy, it will check attempts to access the control plane from unwanted traffic.

Hi all,

I had the same issue these days, and the solution is:

- In Configuration/Policies, go to the top-right corner and choose Access Control List;
- Choose Add Device Access Policy (permit_ssh);
  - Add ACL Seq:
    - Match Conditions: SSH and Source Data Prefix List <my_jump_server_IP/32>
    - Actions: Enable
  - Default Action: Drop Enabled
  - Save, Save
- Go back to Configuration/Policies/Localized Policy:
  - Add Policy;
  - Next, Next until the Configure Access Control Lists step;
    - Add Device Access Policy (created previously: permit_ssh);
    - Next, Next; check Implicit ACL Logging, and I've added Log Frequency 2;
    - Save Policy (permit_ssh_Policy).

Now that the policy is created, go to the router template and, in the Additional Templates tab, under Policy, choose the one you've just created (permit_ssh_Policy) and Update.

The configuration that is about to be pushed to the router will be like this:

ip access-list extended test-acl-22
10 permit tcp 192.168.1.1 0.0.0.0 any eq 22
20 deny tcp any any eq 22
!
line vty 0 4
access-class test-acl-22 in vrf-also
!
line vty 5 80
access-class test-acl-22 in vrf-also
!
policy
no app-visibility
no flow-visibility
implicit-acl-logging
log-frequency 2
!

That is how it worked for me.

Cheers,

Bogdan
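As an added check (my own example, not Bogdan's procedure or Cisco's code), here is a small Python audit that parses the pushed IOS-XE snippet above and confirms that every `line vty` block carries the access-class with `vrf-also`, that the ACL only permits the expected jump host on port 22, and that it ends in an explicit deny. The sample config, the jump-host address 192.168.1.1 and the `allowed_hosts` set are constructed values; the `policy` block from the post is omitted since it does not affect the VTY check.

```python
import re
# Constructed sample: the config the localized policy pushes (as in the post above).
SAMPLE_CONFIG = """\
ip access-list extended test-acl-22
 10 permit tcp 192.168.1.1 0.0.0.0 any eq 22
 20 deny tcp any any eq 22
!
line vty 0 4
 access-class test-acl-22 in vrf-also
!
line vty 5 80
 access-class test-acl-22 in vrf-also
!
"""

def parse_config(text):
    """Return ({acl_name: [entries]}, {vty_range: access-class line or None})."""
    acls, vty, block = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "!"):                 # '!' closes the current block
            block = None
        elif m := re.match(r"ip access-list extended (\S+)$", line):
            block, acls[m[1]] = ("acl", m[1]), []
        elif m := re.match(r"line vty (\d+ \d+)$", line):
            block, vty[m[1]] = ("vty", m[1]), None
        elif block and block[0] == "acl":
            acls[block[1]].append(line)
        elif block and block[0] == "vty" and line.startswith("access-class "):
            vty[block[1]] = line
    return acls, vty

def audit_vty_acl(text, allowed_hosts):
    """Return findings; an empty list means every VTY line admits only allowed_hosts."""
    acls, vty = parse_config(text)
    findings = [] if vty else ["no 'line vty' block found"]
    for rng, ac in vty.items():
        if ac is None:
            findings.append(f"line vty {rng}: no access-class applied")
            continue
        parts = ac.split()                    # access-class <name> in [vrf-also]
        name = parts[1]
        if "vrf-also" not in parts:
            findings.append(f"line vty {rng}: access-class is missing vrf-also")
        entries = acls.get(name, [])          # undefined ACL -> fails the final-deny check
        for e in entries:
            m = re.match(r"\d+ permit tcp (\S+) 0\.0\.0\.0 any eq 22$", e)
            if (m and m[1] not in allowed_hosts) or (not m and e.split()[1] == "permit"):
                findings.append(f"ACL {name}: unexpected permit entry '{e}'")
        if not entries or not re.match(r"\d+ deny tcp any any eq 22$", entries[-1]):
            findings.append(f"ACL {name}: does not end with 'deny tcp any any eq 22'")
    return findings
```

Run `audit_vty_acl(SAMPLE_CONFIG, {"192.168.1.1"})` against a `show running-config` capture after the template push; any non-empty result means the VTY restriction did not land as intended.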
