Enables SSH (Secure Shell) for this management policy

SSH, like Telnet, provides a command line interface to a remote host. SSH transmissions are encrypted and authenticated, increasing the security of transmission. SSH access is enabled by default.



If the RADIUS server is not reachable, SSH management access to the controller or access point may be denied. RADIUS support is available locally on controllers and access points, with the exception of the AP 6522 model, which requires an external RADIUS resource.

Supported in the following platforms:

  • Access Points — AP505i, AP510i/e, AP560i/h
  • Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000


ssh {login-grace-time <60-300>|port <1-65535>}


ssh {login-grace-time <60-300>|port <1-65535>}


Enables SSH communication between client and server

login-grace-time <60-300>

Optional. Configures the login grace time. This is the interval, in seconds, after which an unsuccessful login is disconnected.

  • <60-300> – Specify a value from 60 - 300 seconds. The default is 60 seconds.

port <1-65535>

Optional. Configures the SSH port. This is the port used for SSH connections.

  • <1-65535> – Specify a value from 1 - 165535. The default port is 22.


rfs4000-6DB5D4(config-management-policy-test)#ssh port 162
rfs4000-6DB5D4(config-management-policy-test)#show context
management-policy test
 no http server
 https server
 ftp username superuser password 1
626b4033263d6d2ae4e79c48cdfcccb60fd4c77a8da9e365060597a6d6570ec2 rootdir dir
ssh port 162
 snmp-server community snmp1 ro
 snmp-server user snmpmanager v3 encrypted des auth md5 0 test123
 snmp-server host v3 162
 aaa-login radius external
 aaa-login radius policy test
 idle-session-timeout 0
 restrict-access host log all

Related Commands


Resets SSH access port to factory default (port 22)