Blocking SSH access to most layer 3 interfaces.

Nick_Stovall
New Contributor
By default, enabling SSH enables you to SSH into a switch via any L3 interface on that switch. I'd like to limit access to only one specific IP address on this switch (x670).

The "configure ssh2 access-profile" command is gimped in that it only accepts "source-address" as a match condition in its ACL.

Is my only option here to create an ACL that blocks ssh to each IP address on the switch explicitly, then apply that to each VLAN interface?

5 REPLIES 5

Patrick_Voss
Extreme Employee
Nick,

I am not sure I understand your request. It sounds like you want to only allow a switch to SSH into other switches? Regardless, the access profile being configured on EVERY switch in the network should only allow the IP address you put into the ACL.