Hi,
May I ask if there is any way to deploy my own class-map into the default system-cpp-policy?
I’m trying to restrict SSH connections to only one loopback address, and have all other IPs dropped.
On basic routers, I achieved this using an extended ACL that matches the specific loopback IP and denies the rest.
Then, I created a class-map using that ACL, a policy-map referencing the class-map, and finally applied it to the control-plane.
This worked successfully on an ISR4221/K9.
However, I'm facing issues with the same setup on a WS-C3650-24TS.
So my question is:
Is there any way to edit the default policy-map by adding my own class-map that includes an ACL restricting SSH connections?
Extended IP access list SSH_ONLY_LOOPBACK
10 deny tcp any host <ip address> eq 22
20 permit tcp any any eq 22
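The router-style control-plane policy the post describes, written out in full as an added example (it is not the poster's configuration and not taken from the WS-C3650). Assumed values: management loopback 192.0.2.1 on Loopback0 and the names CONTROL_PLANE_POLICY / SSH_NOT_LOOPBACK are constructed; in a CoPP ACL a "permit" entry selects packets for the class action (drop), while "deny" leaves them unmatched so they pass to the CPU normally.

```cisco
! Added worked example, not the poster's running-config.
! Constructed values: 192.0.2.1 = management loopback address (Loopback0).
ip access-list extended SSH_ONLY_LOOPBACK
 remark deny = NOT matched by the class, so SSH to the loopback is allowed
 deny   tcp any host 192.0.2.1 eq 22
 remark permit = matched by the class, so SSH to any other local address is dropped
 permit tcp any any eq 22
!
class-map match-all SSH_NOT_LOOPBACK
 match access-group name SSH_ONLY_LOOPBACK
!
policy-map CONTROL_PLANE_POLICY
 class SSH_NOT_LOOPBACK
  drop
 class class-default
!
control-plane
 service-policy input CONTROL_PLANE_POLICY
!
! Verification after applying: the SSH_NOT_LOOPBACK counters should rise only
! when SSH is attempted against a non-loopback address, and the loopback
! session itself must keep working (test from a second session before
! closing the one you configured from).
! show policy-map control-plane
! show ip access-lists SSH_ONLY_LOOPBACK
```

On the ISR the user-defined policy is attached directly under control-plane as above; the Catalyst 3650 instead ships with system-cpp-policy already bound, which is the difference the question is asking about.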