Cisco Community
English
Register
Cisco Community Events are getting a new name! LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
814
Views
10
Helpful
3
Replies
Highlighted
saikchak1
saikchak1 Beginner
Beginner
‎12-28-2012 06:07 AM
‎12-28-2012 06:07 AM

vty access list

  Hi,

I am using a ASR9010 which currently has a vty access-list (it's an ipv4 access list ingress) only allowing certain ipv4 prefixes.

My question is, will a source address with an ipv6 address be allowed the vty access? If so how to stop it.

Currently the ASR9010 doesn't have any ipv6 configuration.

Best Regards

Saikat Chakraborty

0 Helpful
Reply
3 REPLIES 3
Alexei Kiritchenko
Alexei Kiritchenko Cisco Employee
Cisco Employee
‎12-28-2012 06:29 AM
‎12-28-2012 06:29 AM

vty access list

Hello Saikat,

We should use Management Plane Protection instead of ACL on VTY. There you can simultaneously configure IPv4 and IPv6

http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.2/security/configuration/guide/b_syssec_cg42asr9k_chapter_0100.html

Regards,

/A

Reply
saikchak1
saikchak1 Beginner
Beginner
‎12-28-2012 06:49 AM
‎12-28-2012 06:49 AM

vty access list

Hi A,

Thanks for your prompt reply, MPP feature was a good read. But my customer is always conservative about changing config in a production router though I will propose it to them.

In the mean time, will a ipv6 source address be able to bypass the vty ipv4 access-list (this is current config)?

Best Regards

Saikat Chakraborty

Note: the ipv4 access list allows certain ipv4 access list and also currently the router has no ipv6 configuration as only ipv4 is used.

0 Helpful
Reply
Alexei Kiritchenko
Alexei Kiritchenko Cisco Employee
Cisco Employee
‎12-28-2012 06:56 AM
‎12-28-2012 06:56 AM

vty access list

VTY access-lists are either v4 or v6, no combinations are allowed,  so we can limit either v4 or v6 ingress but not both.

Regards,

/A

Reply
Latest Contents
NCS5500 general health check CLI's and expectations
Created by arajhans on 06-18-2019 11:21 AM
0
15
0
15
XR-vm - CLI's Description show context  look for any process crash, review time stamp[if it is too old, then no immediate action needed] show redundancy verify if standby state  is Ready and NSR-Ready show proc cpu | exclude " 0%" ... view more
Conditional Route advertisement
Created by xthuijs on 06-13-2019 11:26 AM
0
10
0
10
Symptoms It's been a long standing ask for XR to support conditional route advertisements in BGP. The expected option of using the             if rib-has-route option in RPL currently can only be used at the default-inf... view more
IOS-XR QoS ECN feature on NCS5500
Created by arajhans on 05-31-2019 10:25 AM
0
0
0
0
On IOS-XR, Quality of Service has an extension to WRED (Weighted Random Early Detection) called Explicit Congestion Notification (ECN). ECN will mark packets instead of dropping them when the average queue length exceeds a specific threshold value. When c... view more
Pre-Defined NAT White Paper
Created by pulatha on 05-17-2019 02:25 AM
0
5
0
5
Technical Guide to Pre-Defined NAT. Abstract In traditional NAT, due to the government regulations logging the CGN translations is mandatory and this is a huge cost incurrence. In Pre-defined NAT, the translations are known upfront, hence there is no nee... view more
ASR9K Line Card ECMP Hashing
Created by pewang on 05-08-2019 02:23 PM
0
0
0
0
 
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad
August's Community Spotlight Awards