Author Topic: Unable to restrict SSH for nortel425  (Read 2664 times)

Offline nortelhunt

  • Rookie
  • **
  • Posts: 23
Unable to restrict SSH for nortel425
« on: July 11, 2013, 05:07:26 AM »
Hi Experts,

I am using Nortel-425 FW:3.5.0.2 and SW:v3.6.3.05. I want to restrict the SSH access so that only defined IPs can access the switch.

Currently it is working fine for telnet/web/SNMP but not for SSH. Even when I try to check the configuration, I am not able to see SSH in the conf. Output of ipmgr in config mode is shown below.

SW1(config)#ipmgr  ?

  snmp       Enable IP Manager control over SNMP traffic.
  source-ip  Set source IP address from which connections are allowed
  telnet     Enable IP Manager control over TELNET sessions.
  web        Enable IP Manager control over WEB connections.

Config for switch mgmt is mentioned below:

telnet-access disable
snmp-server enable
web-server disable
ipmgr telnet
ipmgr snmp
ipmgr web

Now I am confused: if SSH is not available, then why can anyone get access via SSH? How can I block this?


Offline TankII

  • Hero Member
  • *****
  • Posts: 556
Re: Unable to restrict SSH for nortel425
« Reply #1 on: July 11, 2013, 02:16:46 PM »
Our list:

ipmgr source-ip 1 10.80.0.0 mask 255.248.0.0
ipmgr source-ip 3 10.17.2.33 (it's assumed to be 255.255.255.255)
ipmgr source-ip 4 10.34.7.0 mask 255.255.255.0
ipmgr source-ip 5 10.16.249.136 (it's assumed to be 255.255.255.255)

So, all protocols are available, but only to/from these hosts.
We have not disabled http and telnet yet globally.  We do have SSL/SSH enabled.

TankII

Offline nortelhunt

  • Rookie
  • **
  • Posts: 23
Re: Unable to restrict SSH for nortel425
« Reply #2 on: July 12, 2013, 01:27:58 AM »
We have configured the IPmgr with specific IPs. It is working for DM/Telnet/Web but not for SSH.

ipmgr source-ip 1 10.17.1.0 mask 255.255.255.252
ipmgr source-ip 2 10.17.2.33

Now we want it to work with SSH too. We have disabled telnet/web so that specific IPs can access it from SNMP/SSH. SNMP is working OK, meaning I can access it via Device Manager from the IPs mentioned in IPMGR, but it is not working for SSH. Anyone can access this switch via SSH.

I want to block this so that the mentioned IPs can access via SSH instead of anyone.

Offline TankII

  • Hero Member
  • *****
  • Posts: 556
Re: Unable to restrict SSH for nortel425
« Reply #3 on: July 12, 2013, 01:13:08 PM »
Have you checked to verify there are no statements like:
no ipmgr telnet

If you see those, the IP Manager entries won't have any effect.

TankII
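
The check suggested in Reply #3, as an added example that is not part of the original thread or any vendor tooling: a small Python audit that reads an exported config, reports whether each service listed by `ipmgr ?` is under IP Manager control or switched off with a `no ipmgr` line, and tests source addresses against the `ipmgr source-ip` entries. The sample config is constructed from lines quoted in the thread plus one hypothetical `no ipmgr web` line; the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample: lines quoted in the thread plus one hypothetical
# "no ipmgr web" statement to show the case described in Reply #3.
SAMPLE_CONFIG = """\
telnet-access disable
snmp-server enable
ipmgr telnet
ipmgr snmp
no ipmgr web
ipmgr source-ip 1 10.17.1.0 mask 255.255.255.252
ipmgr source-ip 2 10.17.2.33
"""

SERVICES = ("telnet", "snmp", "web")  # services listed by "ipmgr ?" in the first post
SERVICE_RE = re.compile(r"(no\s+)?ipmgr\s+(telnet|snmp|web)")
SOURCE_RE = re.compile(r"ipmgr\s+source-ip\s+\d+\s+(\S+)(?:\s+mask\s+(\S+))?")


def audit_ipmgr(config):
    """Return ({service: 'on'|'off'|'unstated'}, [allowed networks])."""
    state = {svc: "unstated" for svc in SERVICES}
    networks = []
    for raw in config.splitlines():
        line = raw.strip()
        m = SERVICE_RE.fullmatch(line)
        if m:
            state[m.group(2)] = "off" if m.group(1) else "on"
            continue
        m = SOURCE_RE.fullmatch(line)
        if m:
            # An entry without "mask" is a single host (255.255.255.255).
            mask = m.group(2) or "255.255.255.255"
            networks.append(ipaddress.ip_network(f"{m.group(1)}/{mask}", strict=False))
    return state, networks


def source_allowed(addr, networks):
    """True if addr falls inside any ipmgr source-ip entry."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)


if __name__ == "__main__":
    state, nets = audit_ipmgr(SAMPLE_CONFIG)
    for svc, st in state.items():
        print(f"ipmgr {svc}: {st}")
    for probe in ("10.17.1.2", "10.17.1.4", "10.17.2.33"):
        print(probe, "allowed" if source_allowed(probe, nets) else "denied")
```

The script reports only on the three services that `ipmgr ?` lists in the first post; a service marked "unstated" has no explicit line in the config, so its state depends on the switch default.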