Beginner

vty access list

Hi,

I am using an ASR9010 which currently has a vty access-list (it's an IPv4 access list, ingress) only allowing certain IPv4 prefixes.

My question is, will a source address with an IPv6 address be allowed vty access? If so, how do I stop it?

Currently the ASR9010 doesn't have any IPv6 configuration.

Best Regards

Saikat Chakraborty

3 REPLIES
Cisco Employee

vty access list

Hello Saikat,

We should use Management Plane Protection instead of an ACL on the VTY. There you can simultaneously configure IPv4 and IPv6.

http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.2/security/configuration/guide/b_syssec_cg42asr9k_chapter_0100.html

Regards,

/A

Beginner

vty access list

Hi A,

Thanks for your prompt reply; the MPP feature was a good read. But my customer is always conservative about changing config on a production router, though I will propose it to them.

In the meantime, will an IPv6 source address be able to bypass the vty IPv4 access-list (this is the current config)?

Best Regards

Saikat Chakraborty

Note: the IPv4 access list allows certain IPv4 access list, and also currently the router has no IPv6 configuration, as only IPv4 is used.

Cisco Employee

vty access list

VTY access-lists are either v4 or v6, no combinations are allowed, so we can limit either v4 or v6 ingress but not both.

Regards,

/A
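
A sketch of the Management Plane Protection configuration recommended in the first reply, added here as an example and not taken from the thread or from the router in question. It assumes SSH is the management protocol and that the rule should cover every inband interface; both prefixes are documentation ranges standing in for the real management networks.

```cisco
! Added example (IOS XR MPP), not configuration from the thread.
! Assumptions: SSH is the management protocol, "interface all" covers
! every inband interface, and both prefixes are constructed
! documentation ranges to be replaced with the real ones.
control-plane
 management-plane
  inband
   interface all
    ! One peer list holds both address families, so IPv4 and IPv6
    ! sources are restricted in the same place.
    allow SSH peer
     address ipv4 192.0.2.0/24
     address ipv6 2001:db8:100::/48
    !
   !
  !
 !
!
```

After commit, `show mgmt-plane` displays the interfaces, protocols and peer filters in effect.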
