I would always refer to vty setup as "how people manage my routers" and global acl, copp, acl on the interface, whatever, to control things at the service level :)
Sent using my Iphone Em 02/03/2011, às 16:07, Hammer <[email protected]> escreveu: > And to follow up on my own question, am I just filtering at different > points? > > So, option 1: > > filter SSH via transport input statement and ACL on VTY > filter SNMP via ACL on snmp-group > > Or option 2: > > filter all via CoPPs policy > > But doing both is redundant correct? > > Trying to understand the difference between an VTY ACL and a CoPPs > policy.... Missing something.... > > -Hammer- > > "I was a normal American nerd." > -Jack Herer > > > > > > On Wed, Mar 2, 2011 at 12:32 PM, Hammer <[email protected]> wrote: > >> OK, I'm confused on something very simple. In the past, when setting up a >> router, I've done an access-list allowing (example) SSH and SNMP. Then I've >> applied said access list to the VTYs. Transport input I've always set to >> "none" as I haven't cared because I have a VTY controlling what comes in. >> But it appears I was misunderstanding some things. >> >> If I set my transport input to SSH, it restricts the VTY access to just >> SSH. >> Then, I can use an ACL to allow only certain subnets blah blah blah. >> >> So how am I controlling SNMP? I understand that I can build an SNMP >> specific ACL and apply it to snmp server group. Is that it? Meaning, is an >> ACL applied to a VTY only going to control source and destination (and ports >> possibly) over which whatever transport you applied is allowed? >> >> So other services aren't really hitting the VTY in that sense? >> >> >> -Hammer- >> >> "I was a normal American nerd." >> -Jack Herer >> >> >> >> > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
