Setting Virtual Terminal Access Lists

You can provide additional security for your router by using access lists to restrict access to vty lines.

When the router attempts to authenticate a user, it always selects the first vty line that has an access class that permits that user’s host. The vty line’s configuration must authenticate the user to allow access. Otherwise, the user can never gain access. Consequently, we recommend that you use identical authentication configurations for all vtys that have the same access class list.

To set up access lists:

  1. Associate the access list with inbound Telnet sessions.
    host1(config)#line vty 12 15 host1(config-line)#access-class Management in
  2. Configure an access list.
    host1(config)#access-list Management permit ip 192.168.11.16 0.0.0.15 anyhost1(config)#access-list Management permit ip 192.168.4.0 0.0.0.255host1(config)#access-list Management deny ip any any

Related Documentation