[c-nsp] Cisco 3750 - VTY ACL vrf-also

Saxon Jones saxon.jones at gmail.com
Mon Aug 23 12:13:23 EDT 2010


I currently have an ACL that works as I want it to (allowing
management stations to SSH to any of its IPs regardless of VRF). It's
a regular 3750 (well, a 3750G) so I don't know if that's different than
a 3750-ME:

floor2.mc#sh ver
Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version
12.2(52)SE, RELEASE SOFTWARE (fc3)
...
floor2.mc#sh run | begin line vty
line vty 0 4
access-class mgmt_in in vrf-also
...

I use an extended ACL like the following, in case it makes a difference:

ip access-list extended mgmt_in
permit tcp X.X.X.X Y.Y.Y.Y any eq 22

-saxon

On 23 August 2010 09:45, Chris Mason <chris at noodles.org.uk> wrote:
> Hi,
>
> Quick question - has anyone successfully deployed an ACL to a VTY line
> on a 3750 that is managed from within a VRF?
> I have tried to apply the configuration using the "vrf-also" keyword
> and although the CLI takes it, the "vrf-also" keyword is missing from
> the configuration.
>
> Example configuration:
>
> line vty 0 4
>  access-class LOG-IN in vrf-also
> !
>
> Without this keyword I am unable to login to the switch as the
> connection is refused - not that I have been able to apply the
> "vrf-also" keyword to test otherwise.
> It is a 3750-ME running 12.2(44)SE6.
>
> I know the 3750 has its limitations, but this seems quite basic as I
> am left without the ability to apply an ACL on the VTY line.
>
> Thanks,
> Chris

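An added example, not part of the original thread: a Python audit that reads a saved running-config and reports any VTY range whose inbound access-class is absent, references an undefined ACL, or lacks the vrf-also keyword, which is the symptom described in the quoted message. The sample config, the 192.0.2.0/24 management range and the function name audit_vty are constructed for illustration.

```python
import re

# Constructed sample: a running-config where "vrf-also" did not survive on
# "line vty 0 4" but is present on a second range. Addresses are placeholders.
SAMPLE_CONFIG = """\
ip access-list extended mgmt_in
 permit tcp 192.0.2.0 0.0.0.255 any eq 22
!
line con 0
line vty 0 4
 access-class mgmt_in in
line vty 5 15
 access-class mgmt_in in vrf-also
!
end
"""

def audit_vty(config):
    """Return {vty_range: [findings]}; an empty list means the range passed."""
    # Collect the names/numbers of every ACL defined in the config.
    acls = set(re.findall(r"^ip access-list (?:standard|extended) (\S+)", config, re.M))
    acls |= set(re.findall(r"^access-list (\d+) ", config, re.M))
    state, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()  # tolerate pastes where indentation was lost
        if line.startswith("line "):
            m = re.match(r"line vty (\d+(?: \d+)?)$", line)
            current = m.group(1) if m else None  # con/aux lines are ignored
            if current is not None:
                state[current] = None
            continue
        m = re.match(r"access-class (\S+) in( vrf-also)?$", line)
        if m and current is not None:
            state[current] = (m.group(1), bool(m.group(2)))
    findings = {}
    for rng, entry in state.items():
        if entry is None:
            findings[rng] = ["no inbound access-class"]
            continue
        name, vrf_also = entry
        issues = [] if name in acls else [f"ACL {name} not defined"]
        if not vrf_also:
            issues.append("vrf-also missing")
        findings[rng] = issues
    return findings

if __name__ == "__main__":
    print(audit_vty(SAMPLE_CONFIG))
```

Run it against the output of `sh run` saved after applying the change, so the check reflects what the switch actually stored rather than what was typed.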

