Cisco Nexus 3600 NX-OS - Verifying Acls on VTY Lines; Configuration Examples for Acls on VTY Lines
Verifying ACLs on VTY Lines
To display the ACL configurations on VTY lines, perform one of the following tasks:
Command                              Purpose
show running-config aclmgr           Displays the running configuration of the ACLs configured on the switch.
show users                           Displays the users that are connected.
show access-lists access-list-name   Displays the statistics per entry.
Configuration Examples for ACLs on VTY Lines
The following example shows the connected users on the console line (ttyS0) and the VTY lines (pts/0 and pts/1).
switch# show users
NAME LINE TIME IDLE PID COMMENT
admin ttyS0 Aug 27 20:45 . 14425 *
admin pts/0 Aug 27 20:06 00:46 14176 (172.18.217.82) session=ssh
admin pts/1 Aug 27 20:52 . 14584 (10.55.144.118)
The following example shows how to allow vty connections to all IPv4 hosts except 172.18.217.82 and how to deny vty connections to any IPv4 host except 10.55.144.118, 172.18.217.79, 172.18.217.82, 172.18.217.92:
switch# show running-config aclmgr
!Time: Fri Aug 27 22:01:09 2010
version 5.0(2)N1(1)
ip access-list ozi
10 deny ip 172.18.217.82/32 any
20 permit ip any any
ip access-list ozi2
10 permit ip 10.55.144.118/32 any
20 permit ip 172.18.217.79/32 any
30 permit ip 172.18.217.82/32 any
40 permit ip 172.18.217.92/32 any
line vty
access-class ozi in
access-class ozi2 out
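As an added example that is not part of the Cisco guide, the following Python evaluates the ozi and ozi2 entries above offline (first matching entry wins, implicit deny at the end), so an operator can check which VTY source addresses a list admits before binding it with access-class. The ACL text is constructed from the running-config shown above; the parser only understands the simple "seq action proto src dst" form used there.

```python
# Added example (not from the Cisco guide): offline evaluation of the
# ozi / ozi2 entries shown on this page, first match wins, implicit deny.
import ipaddress
import re

# Constructed from the "show running-config aclmgr" output on this page.
ACL_CONFIG = """
ip access-list ozi
  10 deny ip 172.18.217.82/32 any
  20 permit ip any any
ip access-list ozi2
  10 permit ip 10.55.144.118/32 any
  20 permit ip 172.18.217.79/32 any
  30 permit ip 172.18.217.82/32 any
  40 permit ip 172.18.217.92/32 any
"""

# Only the "seq action proto src dst" shape used on this page is parsed.
ENTRY_RE = re.compile(r"^\s*(\d+)\s+(permit|deny)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")


def parse_acls(text):
    """Return {acl_name: [(seq, action, proto, src, dst), ...]} in sequence order."""
    acls, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("ip access-list "):
            current = line.split()[2]
            acls[current] = []
        elif current and (m := ENTRY_RE.match(line)):
            seq, action, proto, src, dst = m.groups()
            acls[current].append((int(seq), action, proto, src, dst))
    for entries in acls.values():
        entries.sort(key=lambda e: e[0])  # NX-OS evaluates by sequence number
    return acls


def _matches(spec, addr):
    # strict=False accepts host bits set in the prefix, e.g. 172.18.217.20/24
    return spec == "any" or addr in ipaddress.ip_network(spec, strict=False)


def evaluate(acl, src_ip, proto="ip"):
    """First matching entry wins; no match is the implicit deny at the end.
    Returns (action, seq); seq is None when the implicit deny applies."""
    addr = ipaddress.ip_address(src_ip)
    for seq, action, entry_proto, src, _dst in acl:
        if entry_proto in ("ip", proto) and _matches(src, addr):
            return action, seq
    return "deny", None
```

Running evaluate(parse_acls(ACL_CONFIG)["ozi"], "172.18.217.82") returns ("deny", 10), while the same address against ozi2 returns ("permit", 30), which matches the two behaviours the example above describes.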
The following example shows how to configure the IP access list by enabling per-entry statistics for the ACL:
switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# ip access-list ozi2
switch(config-acl)# statistics per-entry
switch(config-acl)# deny tcp 172.18.217.83/32 any
switch(config-acl)# exit
switch(config)# ip access-list ozi
switch(config-acl)# statistics per-entry
switch(config-acl)# permit ip 172.18.217.20/24 any
switch(config-acl)# exit
switch#
The following example shows how to apply the ACLs on VTY in and out directions:
switch(config)# line vty
switch(config-line)# ip access-class ozi in
Cisco Nexus 3600 NX-OS Security Configuration Guide, Release 7.x
99
Configuring IP ACLs