Nexus 1000v - line vty & access-class

Hello,

We need to install an access list on VTY on the Nexus 1000v to limit access. The problem is I do not see the access-class option under line VTY (just like the N5K).

We are on the last version: "version 4.2(1)SV1(5.2)"

***********************************************************

Nexus1000V(config)# line vty

Nexus1000V(config-line)# ?
  exec-timeout   Configure exec timeout
  no             Negate a command or set its defaults
  session-limit  Set the max no of concurrent vsh sessions
  end            Go to exec mode
  exit           Exit from command interpreter
  pop            Pop mode from stack or restore from name
  push           Push current mode to stack or save it under name
  where          Shows the cli context you are in

Nexus1000V(config-line)#

*********************************************************************

Is this option supported?

Thanks in advance

Samir.

1 Accepted Solution

eric.long
Level 1

You can apply an ACL to the mgmt0 interface to control management access like this:

interface mgmt0
  ip access-group MGMT_ACL in

Hello Eric,

Thank you very much for your feedback. That is a good workaround indeed.

I suppose I will need (along with the SSH allowed networks) to add vCenter to the ACL in order to keep the connection up, and all traffic needed to communicate with the mgmt0 interface (we are in L2 mode).

Best regards.


m.o.andersson_2
Level 1

Long time since this thread was active, but I googled and found it, so I just wanted to add my experience.

Adding an ACL to the interface is a workaround, yes. But the problem is that all traffic will be blocked, not only Telnet/SSH and SNMP. Also, when changing the ACL you need to remove it from the interface first so as not to block yourself out of the switch. When you make a script updating an ACL, I usually start with "no ip access-list xx"; when adding it again, the first line will be deny all... This will not happen when adding it to line vty. So just be careful when using it.

 

Cheers
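
The lockout described in the last reply can be caught before a change script is pushed. The following is an added example, not part of the original thread: a small Python check that flags any `no ip access-list` issued while that ACL is still applied to an interface. The function name, the two sample scripts and the 192.0.2.0/24 address are constructed for illustration.

```python
import re

# Constructed sample scripts (not from the thread); 192.0.2.0/24 is a placeholder.
RISKY = """no ip access-list MGMT_ACL
ip access-list MGMT_ACL
  permit tcp 192.0.2.0/24 any eq 22
"""
SAFE = """interface mgmt0
  no ip access-group MGMT_ACL in
no ip access-list MGMT_ACL
ip access-list MGMT_ACL
  permit tcp 192.0.2.0/24 any eq 22
interface mgmt0
  ip access-group MGMT_ACL in
"""

def find_lockout_risks(script, bound=None):
    """Return [(line_no, acl, [interfaces])] for each ACL deleted while applied.

    bound maps ACL name -> interfaces it is applied to before the script runs.
    """
    applied = {acl: set(ifs) for acl, ifs in (bound or {}).items()}
    risks, iface = [], None
    for line_no, raw in enumerate(script.splitlines(), 1):
        line = " ".join(raw.split())  # normalise indentation and spacing
        if m := re.fullmatch(r"interface (\S+)", line):
            iface = m.group(1)
        elif m := re.fullmatch(r"(no )?ip access-group (\S+) (?:in|out)", line):
            if iface is None:
                continue  # access-group outside interface context: ignore
            ifaces = applied.setdefault(m.group(2), set())
            if m.group(1):
                ifaces.discard(iface)  # ACL detached from this interface
            else:
                ifaces.add(iface)      # ACL (re)applied to this interface
        elif m := re.fullmatch(r"(?:no )?ip access-list (\S+)", line):
            iface = None  # leaving interface configuration mode
            if line.startswith("no ") and applied.get(m.group(1)):
                risks.append((line_no, m.group(1), sorted(applied[m.group(1)])))
    return risks

if __name__ == "__main__":
    start = {"MGMT_ACL": {"mgmt0"}}  # state of the switch before the change
    for name, script in (("RISKY", RISKY), ("SAFE", SAFE)):
        print(name, find_lockout_risks(script, start))
```
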
