Cisco Community
English
Register
Congratulate December's Spotlight Awardees. CLICK HERE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
253
Views
0
Helpful
5
Replies
Highlighted
Alex Wu
Beginner
Beginner
‎01-28-2019 07:18 PM
‎01-28-2019 07:18 PM

How to force the remote login to use Mgmt port only?

Hi All,

 

Would you like to tell me how to force the remote login to use Mgmt port only?

 

My IOS Version is 15.2(4)E7.

 

Thanks

BR

Labels:
0 Helpful
Reply
5 REPLIES 5
Highlighted
Francesco Molino
VIP Mentor VIP Mentor
VIP Mentor
‎01-28-2019 08:01 PM
‎01-28-2019 08:01 PM

Hi

You want to allow ssh (and other protocols like scp, ftp...) only on your OOB management interface and no other interfaces?

If so, you can use the control-plane host with these commands (this is an example, modify it to match your requirements):

control-plane host
management-interface Fa0/0 allow ssh snmp scp ftp

Just to make sure this command is supported on your device, what device are you running?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Reply
Highlighted
Alex Wu
Beginner
Beginner
In response to Francesco Molino
‎01-28-2019 08:42 PM
‎01-28-2019 08:42 PM

Hi Francesco,
My device is 2960XR, sorry that i can' find control-plane command in current IOS.
Thanks
Alex
0 Helpful
Reply
Highlighted
Francesco Molino
VIP Mentor VIP Mentor
VIP Mentor
In response to Alex Wu
‎01-28-2019 09:30 PM
‎01-28-2019 09:30 PM

Ok. Can you check if control-plane command is there?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Reply
Highlighted
Alex Wu
Beginner
Beginner
In response to Francesco Molino
‎01-28-2019 09:48 PM
‎01-28-2019 09:48 PM

control-plane command isn't there...
0 Helpful
Reply
Highlighted
Francesco Molino
VIP Mentor VIP Mentor
VIP Mentor
In response to Alex Wu
‎01-28-2019 10:17 PM
‎01-28-2019 10:17 PM

Let's assume your management ip is 1.1.1.1

You can create an acl like
access-list 100 permit any host 1.1.1.1 eq 22
Then apply it on your lines like
Line vty 0 15
access-class 100 in

Not sure if it works on 2960xr. I know there was a bug with extended acl which has been corrected for routers.

If that doesn't work then you need to apply an acl on your L3 interfaces to deny inbound ssh and allow it just on your management.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Reply
Latest Contents
Cisco DNA Center Resources
Created by traviwil on 01-15-2021 03:59 PM
4
43
4
43
Cisco DNA Center Get Started Automation Assurance Platform AI/ML Deployment Support   Get Started What's new in Cisco DNA Center 2.1.2 Cisco DNA Center 2.1.2.x Features and Capabilities Cisco DNA Center -Intent Based Networki... view more
xFSU on Catalyst 9300: The Always-On Access Network
Created by arubhat on 01-15-2021 03:08 AM
0
0
0
0
A major international airport is looking to build a cutting-edge new terminal, designed to run 24/7 with no interruptions. With the airport always on round the clock, a critical component required to support this is the surveillance infrastructure, which ... view more
Automated workaround for CSCvw63161
Created by Jeffrey Keown on 01-14-2021 03:16 PM
0
5
0
5
 
Host 0000.0000.0101 in vlan 1 is flapping between port Gi1/0...
Created by Alfredo Pippo on 01-14-2021 07:32 AM
2
0
2
0
Dear expert,I am facing an issue which you may come across before. Grateful if you would teach me how to do it.I have a Cisco WS-C3650-24TS switch in MZ which I would like to configure so that on the GigabitEthernet1 / 0/1 portis configured with VLAN 100,... view more
Top of rack switch selection - RJ45, Cat9k or Nexus
Created by carl_townshend on 01-14-2021 01:21 AM
2
0
2
0
Hi AllWe are looking at some new switches for our top of racks in our DC.We have looked at the 9300 series UX models with the big buffers which is classed as a high scale model.I have tried to look at some Nexus models for top of rack, but there appears t... view more
Content for Community-Ad