
How to force the remote login to use Mgmt port only?

Alex Wu
Level 1

Hi All,

Would you like to tell me how to force the remote login to use Mgmt port only?

My IOS Version is 15.2(4)E7.

Thanks

BR

1 Accepted Solution


Let's assume your management ip is 1.1.1.1

You can create an ACL like
access-list 100 permit tcp any host 1.1.1.1 eq 22
Then apply it on your lines like
line vty 0 15
 access-class 100 in

Not sure if it works on 2960XR. I know there was a bug with extended ACL which has been corrected for routers.

If that doesn't work then you need to apply an ACL on your L3 interfaces to deny inbound SSH and allow it just on your management.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
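
The fallback described in the answer above (an ACL on the in-band L3 interfaces), written out as an added example that is not part of the original post. It assumes the platform accepts IP ACLs on its L3 interfaces; 1.1.1.1 is the management IP from the post, while Vlan10, 10.0.10.1 and the ACL name are hypothetical.

```cisco
! Added example, not from the thread. 1.1.1.1 is the management IP assumed
! in the post; Vlan10, 10.0.10.1 and BLOCK-INBAND-SSH are hypothetical.
ip access-list extended BLOCK-INBAND-SSH
 remark SSH to the switch's own addresses must not arrive in-band
 deny   tcp any host 10.0.10.1 eq 22
 deny   tcp any host 1.1.1.1 eq 22
 remark All other traffic, including SSH passing through to other hosts
 permit ip any any
!
! Repeat on every in-band L3 interface, adding a deny line for each
! address the switch owns. Nothing is applied to the management port,
! so SSH to 1.1.1.1 is still accepted there.
interface Vlan10
 ip access-group BLOCK-INBAND-SSH in
!
! Verify from exec mode:
!   show ip access-lists BLOCK-INBAND-SSH
!   show ip interface Vlan10 | include access list
```

Apply it from a console or management-port session so an error in the ACL cannot cut off the session used to fix it.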


Francesco Molino
VIP Alumni
Hi

You want to allow ssh (and other protocols like scp, ftp...) only on your OOB management interface and no other interfaces?

If so, you can use the control-plane host with these commands (this is an example, modify it to match your requirements):

control-plane host
management-interface Fa0/0 allow ssh snmp scp ftp

Just to make sure this command is supported on your device, what device are you running?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Hi Francesco,
My device is 2960XR, sorry that I can't find the control-plane command in the current IOS.
Thanks
Alex

Ok. Can you check if control-plane command is there?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

control-plane command isn't there...
