05-01-2014 02:22 PM
I use a fabric built from VDX6720 and VDX6740 switches. A few VDX are doing L3 inter-VLAN routing. All is working just fine, but I need to restrict telnet/ssh access to the switches. How can I apply an access list to restrict telnet/ssh access to the boxes?
We are running NOS 4.1.2 and logical-chassis mode.
05-09-2014 05:04 AM
Default permit any.
Create an ACL and bind it to your management interface:
On a management interface, the default action of "permit any" is inserted at the end of an ACL that has been bound.
To bind an ACL to a management interface, perform the following steps from privileged EXEC mode.
1. Enter the configure terminal command to access global configuration mode.
switch# configure terminal
2. Enter interface management followed by the rbridge-id/port, the IP version, the access-group name for the ACL you want to bind, and the binding direction (ingress or egress).
switch(config)# interface management 1/0
switch(config-Management-1/0)# ip access-group stdACL3 in
switch(config-Management-1/0)# ipv6 access-group stdV6ACL1 in
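The default "permit any" behaviour quoted above, as an added example that is not part of the original post or of the vendor documentation: a simplified first-match ACL model in Python showing that a permit-only list bound to the management interface still leaves SSH/Telnet reachable from every other source until explicit deny entries are added. The rule tuples, addresses, TCP-port matching and function names are constructed assumptions, not NOS syntax.

```python
import ipaddress

MGMT_PORTS = {22: "ssh", 23: "telnet"}

# Constructed rule sets: (seq, action, source network, dest TCP port or None = any).
PERMIT_ONLY = [
    (10, "permit", "192.0.2.0/28", 22),
    (20, "permit", "192.0.2.0/28", 23),
]
WITH_EXPLICIT_DENY = PERMIT_ONLY + [
    (30, "deny", "0.0.0.0/0", 22),
    (40, "deny", "0.0.0.0/0", 23),
]

def evaluate(acl, src_ip, dport):
    """First-match evaluation in sequence order; returns (action, reason)."""
    src = ipaddress.ip_address(src_ip)
    for seq, action, network, port in sorted(acl, key=lambda rule: rule[0]):
        if src in ipaddress.ip_network(network) and port in (None, dport):
            return action, f"seq {seq}"
    # Behaviour described in the post: a bound management ACL ends with "permit any".
    return "permit", "default permit any"

def exposed(acl, admin_net, probes):
    """Probes from outside admin_net that still reach SSH/Telnet."""
    admin = ipaddress.ip_network(admin_net)
    return [(ip, MGMT_PORTS[port]) for ip, port in probes
            if port in MGMT_PORTS
            and ipaddress.ip_address(ip) not in admin
            and evaluate(acl, ip, port)[0] == "permit"]

# Constructed probes: one admin host, two non-admin hosts, one non-management port.
PROBES = [("192.0.2.5", 22), ("198.51.100.7", 22),
          ("203.0.113.9", 23), ("198.51.100.7", 443)]

if __name__ == "__main__":
    for name, acl in (("permit-only", PERMIT_ONLY),
                      ("explicit deny", WITH_EXPLICIT_DENY)):
        print(f"{name}: exposed = {exposed(acl, '192.0.2.0/28', PROBES)}")
```
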
08-09-2014 07:25 PM
Good evening to all
You spoke about restricting telnet/ssh access through an access list and applying it on the management interface. And what about when I am managing my VDX6740 and VDX 6710 running NOS 4.1.2a through another interface, for example TenGigabitEthernet rbid/0/1? Is the only way to restrict telnet/ssh access to apply a specific access list on that interface?