And to follow up on my own question, am I just filtering at different points?
So, option 1:
filter SSH via transport input statement and ACL on VTY
filter SNMP via ACL on snmp-group

Or option 2:
filter all via CoPPs policy

But doing both is redundant, correct? Trying to understand the difference between a VTY ACL and a CoPPs policy.... Missing something....

-Hammer-

"I was a normal American nerd."
-Jack Herer

On Wed, Mar 2, 2011 at 12:32 PM, Hammer <[email protected]> wrote:

> OK, I'm confused on something very simple. In the past, when setting up a router, I've done an access-list allowing (example) SSH and SNMP. Then I've applied said access list to the VTYs. Transport input I've always set to "none" as I haven't cared because I have a VTY controlling what comes in. But it appears I was misunderstanding some things.
>
> If I set my transport input to SSH, it restricts the VTY access to just SSH. Then, I can use an ACL to allow only certain subnets blah blah blah.
>
> So how am I controlling SNMP? I understand that I can build an SNMP specific ACL and apply it to snmp server group. Is that it? Meaning, is an ACL applied to a VTY only going to control source and destination (and ports possibly) over which whatever transport you applied is allowed?
>
> So other services aren't really hitting the VTY in that sense?
>
> -Hammer-
>
> "I was a normal American nerd."
> -Jack Herer
