Aruba & ProVision-based
cancel
Showing results for 
Search instead for 
Did you mean: 

Re: How Do I Access VTY Lines in CLI?

 
Highlighted
Occasional Visitor

How Do I Access VTY Lines in CLI?

I am currently in the process of creating an admin VLAN to keep users from accessing our network gear, specifically via SSH. So far on our Cisco gear I planned to create an ACL and apply it to the line vty interface to keep anyone who isn't on the admin VLAN from gaining access. Do Procurve switches not have VTY interfaces? I can't find it for the life of me.

If they don't would anyone have suggestions on how to go about doing this? I guess I can do port based VLANs but wanted to avoid doing so.

 

Thanks!

1 REPLY 1
Highlighted
Respected Contributor

Re: How Do I Access VTY Lines in CLI?

Nope, VTY interfaces do not exist. If you want to allow all users in the admin VLAN to access the devices, just define that VLAN as Secure Management VLAN with command

switch(config)# management-vlan 1

The FW won't allow routing in or out of the Mgmt VLAN, so only devices in VLAN 1 would in this case be able to access. You can make it even more restrictive by using authorized managers. Command

switch(config)# ip authorized-managers 10.10.10.11 

will allow only IP address 10.10.10.11 manage the device. From the top of my head I don't remember a limitation on how many authorized managers you can configure. If there is a limit, you should find it in Access Security Guide.

Of course you can create separate operator and manager passwords. Operators can only view the device status, managers can, well, manage it.

 


HTH,

Arimo
HPE Networking Engineer