alkemyst
No Lifer
The need was to allow only 4 VLANs access to SSH until 6 bad login attempts. Then allow only 1 VLAN to access it for 360 secs prior to reverting back to normal behavior.
The 'always' allowed VLAN is ip'd with 10.111.20.0/24
I am not sure if I reuse the ACL name in both the normal ACL and the quiet mode. This is beyond my training so far. I'd lab it up but my dynamips took a dump 🙁
Code:
! exec command, not config: generate the host key before enabling SSH
crypto key generate rsa general-keys modulus 2048
!
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh source-interface Vlan444
! "ip source-interface vlan444" is not an IOS command and was dropped
!
! Normal-mode ACL: an extended entry needs a destination, so "any eq 22"
ip access-list extended sshAccess
 permit tcp 10.111.1.0 0.0.0.255 any eq 22 log
 permit tcp 10.111.2.0 0.0.0.255 any eq 22 log
 permit tcp 10.111.4.0 0.0.0.255 any eq 22 log
 permit tcp 10.111.20.0 0.0.0.255 any eq 22 log
 deny tcp any any eq 22 log
!
! Quiet-mode ACL: a separate, narrower ACL holding only the always-allowed VLAN
! ("access-list <name>" is numbered-ACL syntax; named ACLs use "ip access-list")
ip access-list standard sshQuietAccess
 permit 10.111.20.0 0.0.0.255
!
line vty 0 15
 access-class sshAccess in
 exec-timeout 30 0
 logging synchronous level all limit 100
 transport input ssh
 transport output ssh
!
! block-for must be configured before quiet-mode access-class is accepted
login block-for 360 attempts 6 within 100
login quiet-mode access-class sshQuietAccess