
Cisco Nexus 9000 Series - Creating a VTY ACL

Creating a VTY ACL
You can configure a VTY ACL to control access to all IPv4 or IPv6 traffic over all VTY lines in the ingress
or egress direction.
Before you begin
Set identical restrictions on all the virtual terminal lines because a user can connect to any of them.
We recommend that you perform ACL configuration using the Session Manager. This feature allows you to
verify ACL configuration and confirm that the resources required by the configuration are available prior to
committing them to the running configuration, which is especially useful for ACLs that include more than
about 1000 rules.
SUMMARY STEPS
1. configure terminal
2. {ip | ipv6} access-list name
3. {permit | deny} protocol source destination [log] [time-range time]
4. exit
5. line vty
6. {ip | ipv6} access-class name {in | out}
7. (Optional) show {ip | ipv6} access-lists
8. (Optional) copy running-config startup-config
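One way to check the end state of these steps from an exported configuration, as an added example that is not part of the Cisco guide: the function reports a VTY line with no inbound access-class, an applied ACL that is not defined, and permit rules whose source is any. The config excerpt, the ACL name mgmt-only and the 192.0.2.0/24 range are constructed for illustration, and the access-class line is assumed to appear in the configuration as typed in step 6.

```python
import re

# Constructed running-config excerpt built from the commands in the steps above.
SAMPLE_CONFIG = """\
ip access-list vtyacl
  10 permit tcp any any
ip access-list mgmt-only
  10 permit tcp 192.0.2.0/24 any eq 22
  20 deny ip any any log
line vty
  ip access-class vtyacl in
"""

def parse_blocks(config):
    """Group indented lines under the unindented line that precedes them."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.strip():
            continue
        if line[0].isspace():
            if current is not None:
                blocks[current].append(line.strip())
        else:
            current = line.strip()
            blocks.setdefault(current, [])
    return blocks

def audit_vty_acl(config):
    """Return a list of findings about the ACL applied inbound to the VTY lines."""
    blocks = parse_blocks(config)
    applied = [re.match(r"(?:(ip|ipv6) )?access-class (\S+) (in|out)$", line)
               for line in blocks.get("line vty", [])]
    inbound = [m for m in applied if m and m.group(3) == "in"]
    if not inbound:
        return ["line vty has no inbound access-class"]
    findings = []
    for m in inbound:
        family, name = m.group(1) or "ip", m.group(2)
        rules = blocks.get(f"{family} access-list {name}")
        if rules is None:
            findings.append(f"{family} access-list {name} is applied but not defined")
            continue
        for rule in rules:
            # Rule form from step 3: [seq] {permit|deny} protocol source destination
            if re.match(r"(?:\d+ )?permit \S+ any\b", rule):
                findings.append(f"{name}: '{rule}' permits any source")
    return findings
```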
DETAILED STEPS
Step 1
Command or Action: configure terminal
Purpose: Enters global configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2
Command or Action: {ip | ipv6} access-list name
Purpose: Creates an ACL and enters IP access list configuration mode for that ACL. The maximum length for the name argument is 64 characters.
Example:
switch(config)# ip access-list vtyacl

Step 3
Command or Action: {permit | deny} protocol source destination [log] [time-range time]
Purpose: Creates an ACL rule that permits TCP traffic from and to the specified sources.
Example:
switch(config-ip-acl)# permit tcp any any

Step 4
Command or Action: exit
Purpose: Exits IP access list configuration mode.
Example:
switch(config-ip-acl)# exit
switch(config)#

Step 5
Command or Action: line vty
Purpose: Specifies the virtual terminal and enters line configuration mode.
Example:
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
Configuring IP ACLs