Virtual Terminal Access Lists
You can provide additional security for your router
by using access lists to restrict access to vty lines.
When the router attempts to authenticate a user,
it always selects the first vty line that has an access class that
permits that user’s host. The vty line’s configuration
must authenticate the user to allow access. Otherwise, the user can
never gain access. Consequently, we recommend that you use identical
authentication configurations for all vtys that have the same access
class list.
To set up access lists:
- Associate the access list with inbound Telnet sessions.
    host1(config)#line vty 12 15
    host1(config-line)#access-class Management in
- Configure an access list.
    host1(config)#access-list Management permit ip 192.168.11.16 0.0.0.15 any
    host1(config)#access-list Management permit ip 192.168.4.0 0.0.0.255
    host1(config)#access-list Management deny ip any any
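The Management access list above matches source addresses with wildcard masks, so it is worth checking exactly which hosts it admits before binding it to vty lines. The following Python sketch is an added example, not part of the original documentation; the function names are hypothetical, and it assumes entries are evaluated top to bottom with the first match deciding.

```python
import ipaddress

# Constructed input: the access-list commands from this page, prompts removed.
MANAGEMENT_ACL = """\
access-list Management permit ip 192.168.11.16 0.0.0.15 any
access-list Management permit ip 192.168.4.0 0.0.0.255
access-list Management deny ip any any
"""

ALL_BITS = 0xFFFFFFFF

def parse_acl(text):
    """Return [(action, base, wildcard)] with source base/wildcard as ints."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] != "access-list":
            continue
        action, src = tok[2], tok[4:]
        if src[0] == "any":
            base, wild = 0, ALL_BITS  # "any" ignores every address bit
        else:
            base = int(ipaddress.IPv4Address(src[0]))
            wild = int(ipaddress.IPv4Address(src[1]))
        entries.append((action, base, wild))
    return entries

def matches(entry, host):
    """Wildcard match: bits set in the wildcard mask are ignored."""
    _, base, wild = entry
    care = ~wild & ALL_BITS
    return (int(ipaddress.IPv4Address(host)) & care) == (base & care)

def evaluate(entries, host):
    """Assumed semantics: first matching entry decides; no match means deny."""
    for entry in entries:
        if matches(entry, host):
            return entry[0]
    return "deny"

def covered_range(entry):
    """First and last address of an entry (valid for contiguous wildcards)."""
    _, base, wild = entry
    first = base & ~wild & ALL_BITS
    return (str(ipaddress.IPv4Address(first)),
            str(ipaddress.IPv4Address(first | wild)))

if __name__ == "__main__":
    acl = parse_acl(MANAGEMENT_ACL)
    for entry in acl:
        print(entry[0], covered_range(entry))
```

The first entry admits only 192.168.11.16 through 192.168.11.31, so a management host at 192.168.11.15 or 192.168.11.32 falls through to the final deny.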
access-class in
- Use to associate the access list with vty lines.
- Example: This example sets the virtual terminal lines to which you want to restrict access and specifies an access class to grant access to incoming requests.
    host1(config)#line vty 12 15
    host1(config-line)#access-class Management in
- Use the no version to remove access restrictions.
- See access-class in.
access-list
- Use to configure an access list.
- Example
    host1(config)#access-list Management permit ip 192.168.11.16 0.0.0.15 any
- Use the no version to remove the access list.
- See access-list.