Virtual Terminal Access Lists

[Contents] [Prev] [Next] [Index] [Report an Error]

Virtual Terminal Access Lists
You can provide additional security for your system by using access lists to restrict access to vty lines.

When the system attempts to authenticate a user, it always selects the first vty line that has an access class that permits that user's host. The vty line's configuration must authenticate the user to allow access. Otherwise, the user can never gain access. Consequently, it is recommended that you use identical authentication configurations for all vtys that have the same access class list.

To set up access lists:

Associate the access list with inbound Telnet sessions.
host1(config)#line vty 12 15
host1(config-line)#access-class boston in
Configure an access list.
host1(config)#access-list boston permit any 
access-class in

Use to associate the access list with vty lines.

Example - this example sets the virtual terminal lines to which you want to restrict access and specifies an access class to grant access to incoming requests.
host1(config)#line vty 12 15
host1(config-line)#access-class boston in
Use the no version to remove access restrictions.

access-list

Use to configure an access list.

Example
host1(config)#access-list boston permit any 
The no version of this command removes the access list.

[Contents] [Prev] [Next] [Index] [Report an Error]