cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
246
Views
0
Helpful
5
Replies
Highlighted
Beginner

How to force the remote login to use Mgmt port only?

Hi All,

 

Would you like to tell me how to force the remote login to use Mgmt port only?

 

My IOS Version is 15.2(4)E7.

 

Thanks

BR

5 REPLIES 5
Highlighted
VIP Mentor

Hi

You want to allow ssh (and other protocols like scp, ftp...) only on your OOB management interface and no other interfaces?

If so, you can use the control-plane host with these commands (this is an example, modify it to match your requirements):

control-plane host
management-interface Fa0/0 allow ssh snmp scp ftp

Just to make sure this command is supported on your device, what device are you running?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Highlighted

Hi Francesco,
My device is 2960XR, sorry that i can' find control-plane command in current IOS.
Thanks
Alex
Highlighted

Ok. Can you check if control-plane command is there?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Highlighted

control-plane command isn't there...
Highlighted

Let's assume your management ip is 1.1.1.1

You can create an acl like
access-list 100 permit any host 1.1.1.1 eq 22
Then apply it on your lines like
Line vty 0 15
access-class 100 in

Not sure if it works on 2960xr. I know there was a bug with extended acl which has been corrected for routers.

If that doesn't work then you need to apply an acl on your L3 interfaces to deny inbound ssh and allow it just on your management.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Content for Community-Ad