vty access list

saikchak1
Level 1

Hi,

I am using an ASR9010 which currently has a VTY access-list (it's an IPv4 access list, ingress) only allowing certain IPv4 prefixes.

My question is: will a source address with an IPv6 address be allowed VTY access? If so, how can it be stopped?

Currently the ASR9010 doesn't have any IPv6 configuration.

Best Regards

Saikat Chakraborty

3 Replies

Alexei Kiritchenko
Cisco Employee

Hello Saikat,

We should use Management Plane Protection instead of an ACL on the VTY. There you can configure IPv4 and IPv6 simultaneously.

http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.2/security/configuration/guide/b_syssec_cg42asr9k_chapter_0100.html

Regards,

/A

Hi A,

Thanks for your prompt reply; the MPP feature was a good read. My customer is always conservative about changing config on a production router, though I will propose it to them.

In the meantime, will an IPv6 source address be able to bypass the VTY IPv4 access-list (this is the current config)?

Best Regards

Saikat Chakraborty

Note: the IPv4 access list allows certain ipv4 access list, and currently the router has no IPv6 configuration, as only IPv4 is used.

VTY access-lists are either v4 or v6; no combinations are allowed, so we can limit either v4 or v6 ingress but not both.

Regards,

/A
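
The Management Plane Protection approach recommended in the thread, shown as an added IOS XR configuration example that is not from any of the posts or from the poster's router. The interface name and the peer prefixes (documentation ranges) are placeholders chosen for illustration:

```text
! Added example: inband MPP permitting SSH from one IPv4 and one IPv6
! management prefix on a single interface.
! GigabitEthernet0/0/0/0, 192.0.2.0/24 and 2001:db8:10::/48 are placeholders.
control-plane
 management-plane
  inband
   interface GigabitEthernet0/0/0/0
    allow SSH peer
     address ipv4 192.0.2.0/24
     address ipv6 2001:db8:10::/48
    !
   !
  !
 !
!
```

Once an inband MPP interface is configured, the listed management protocol is accepted only on the configured interfaces and from the listed peers, so the interface and prefix of the session used to make the change belong in the configuration before it is committed. `show mgmt-plane` displays the interfaces, protocols and peers that MPP currently permits.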