Restricting Telnet Access To/From a Cisco Router/Switch

 Uncategorized  Add comments
Apr 272008
 

This simple setup has two components:

1) An Access List that defines source and destination IP addresses for the session
2) The command under the vty lines that references the Access List

In the examples below the router IP Address is 192.168.1.1

Example (Telnet to Router/Switch):

access-list 100 remark allow hosts on the 192.168.1.0/24 network to telnet to the router/switch
access-list 100 permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.1 eq 23

line vty 0 4
access-class 100 in

Example (Telnet from Router/Switch):

access-list 101 remark allow the router/switch to telnet to hosts on the 192.168.1.0/24 network
access-list 101 permit tcp host 192.168.1.1 192.168.1.0 0.0.0.255 eq 23

line vty 0 4
access-class 101 out

The inbound and and outbound access can be combined as follows:

line vty 0 4
access-list 100 in
access-list 101 out

kshort


Warning: fopen(/home/dynasty/linuxdynasty.org/wp-content/plugins/wp-google-plus-one/lib/standard.txt) [function.fopen]: failed to open stream: No such file or directory in /home/dynasty/linuxdynasty.org/wp-content/plugins/wp-google-plus-one/plusone.php on line 104

Warning: fread(): supplied argument is not a valid stream resource in /home/dynasty/linuxdynasty.org/wp-content/plugins/wp-google-plus-one/plusone.php on line 105

Warning: fclose(): supplied argument is not a valid stream resource in /home/dynasty/linuxdynasty.org/wp-content/plugins/wp-google-plus-one/plusone.php on line 106
.