ip ssh strict-management-vrf
-
- Last UpdatedJul 02, 2019
- 1 minute read
Allows incoming SSH connection requests only from the management VRF and not from the out-of-band (OOB) management port.
When the management VRF is configured, incoming SSH connection requests are allowed from the ports that belong to the management VRF and from the OOB management port.
Global configuration mode
The ip ssh strict-management-vrf command is applicable only when the management VRF is configured. If a management VRF is not configured, configuring the ip ssh strict-management-vrf command displays an error message.
The ip ssh strict-management-vrf command does not prevent a connection initiated from the OOB management interface if the management interface VRF and the management VRF are the same. The user must configure either the management exclude all oob command or the management exclude ssh oob command.
For the SSH server, changing the management VRF configuration or configuring the ip ssh strict-management-vrf command does not affect the existing SSH connections. The changes are applied only to new incoming connection requests.
The ip ssh strict-management-vrf command and the management exclude commands are mutually exclusive. If the latter command is configured, outbound SSH connections are not blocked.
The no form of the command enables the incoming SSH connection requests from ports that belong to the management VRF and from the OOB management port.
The following example allows incoming SSH connection requests from the management VRF only.
device(config)# ip ssh strict-management-vrf| Release version | Command history |
|---|---|
| 08.0.50 | The Usage Guidelines were modified. |