Creating A Vty Acl - Cisco Nexus 9000 Series Configuration Manual

Configuring IP ACLs

Creating a VTY ACL

You can configure a VTY ACL to control access to all IPv4 or IPv6 traffic over all VTY lines in the ingress
or egress direction.
Before you begin
Set identical restrictions on all the virtual terminal lines because a user can connect to any of them.
We recommend that you perform ACL configuration using the Session Manager. This feature allows you to
verify ACL configuration and confirm that the resources required by the configuration are available prior to
committing them to the running configuration, which is especially useful for ACLs that include more than
about 1000 rules.
SUMMARY STEPS
1. configure terminal
2. {ip | ipv6} access-list name
3. {permit | deny} protocol source destination [log] [time-range time]
4. exit
5. line vty
6. {ip | ipv6} access-class name {in | out}
7. (Optional) show {ip | ipv6} access-lists
8. (Optional) copy running-config startup-config
DETAILED STEPS
Command or Action
Step 1
configure terminal
Example:
switch# configure terminal
switch(config)#
Step 2 {ip | ipv6} access-list name
Example:
switch(config)# ip access-list vtyacl
Step 3 {permit | deny} protocol source destination [log]
[time-range time]
Example:
switch(config-ip-acl)# permit tcp any any
Step 4 exit
Example:
switch(config-ip-acl)# exit
switch(config)#
Step 5
line vty
Example:
Purpose
Enters global configuration mode.
Creates an ACL and enters IP access list configuration mode
for that ACL. The maximum length for the name argument
is 64 characters.
Creates an ACL rule that permits TCP traffic from and to
the specified sources.
Exits IP access list configuration mode.
Specifies the virtual terminal and enters line configuration
mode.
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
Creating a VTY ACL
237