cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
331
Views
9
Helpful
4
Replies

Securing E/0 on 1721

jfridlund
Level 1
Level 1

I need to secure the Ethernet interface to allow ONLY my device access, as it is open to the public. How do I do this ?

4 Replies 4

Martin Parry
Level 3
Level 3

Hi

when you say access the router, do you mean telnet to the router itself, or allow packets into the interface to be routed out to a destination?

Regards

Martin

No, I mean "physical" access. This router is located at a customers site and I have a device plugged into E/0. I want to secure that port from someone unplugging E/0 and using the port to try and access our network.

Hmm, the only way to address this problem (I think) is to connect a switch to that ethernet interface, then patch that connection to the switch instead of the router. On the switch, port security can be configured to only allow one static mac address.

Unless of course you mean that they have actual physical access to the router. Unauthorized personel should never have access to networking equipment and it should be locked up in an IDF or MDF.

-Chris

EDIT: Well, I guess you could use an access list to only permit your host address

(config)#access-list 101 permit host any (may not be exact syntax)

(config)#int eth0

(config-if)#ip access-group 101 in

That will just allow the host with your static IP to communicate with the network. This isn't perfiect though, because somebody else could configure another device with the same IP and have it work. The better solution would be a switch in my opinion

You can create an access-list and apply it on the VTY lines.

The access-list should deny the network configured on the E1/0 interface. This would prevent anyone trying to access the network.

Better way would be to just allow telnet sessions from the network management subnet

HTH, rate if it does

Narayan

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: