How to deny access to router from public networks

Sep 9th, 2010

Hello experts!

I have a Cisco router set up to allow telnet and ssh login via these lines:

line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh

Is there an easy way to deny this access from any public or outside network?

I want to be able to log in only from our internal LANs (192.168.0.x and 192.168.1.x).

Thanks in advance for your help!

Kind regards, Matthias

Correct Answer by Jennifer Halim about 6 years 4 months ago

Yes sure.

The command is:

ip http access-class 5


Overall Rating: 5 (2 ratings)
Correct Answer
Jennifer Halim Thu, 09/09/2010 - 01:11

Sure, just create ACL to allow the private subnets as follows:

access-list 5 permit 192.168.0.0 0.0.0.255
access-list 5 permit 192.168.1.0 0.0.0.255
line vty 0 4
 access-class 5 in

Hope that helps.

MatthiasGTW Thu, 09/09/2010 - 01:26

Hello halijenn,

That worked very well, thanks. Is it also possible to apply this access-list to the internal web-server of the router?

It is set up as:


ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000

But these commands are outside of any "line" or "interface" -- how can I apply an access-list anyway?

Thanks again!
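
Added example, not part of the original thread: a Python check that reads a constructed IOS config combining the commands quoted above, evaluates ACL 5 with wildcard-mask and implicit-deny semantics, and reports whether the vty lines and the HTTP server are bound to an ACL. The function names and the sample config are assumptions made for this illustration; only the `network wildcard` entry form used in this thread is parsed.

```python
import ipaddress
import re

# Constructed sample config (assumption): the commands quoted in this thread,
# indented the way "show running-config" prints line sub-commands.
SAMPLE_CONFIG = """\
access-list 5 permit 192.168.0.0 0.0.0.255
access-list 5 permit 192.168.1.0 0.0.0.255
ip http server
ip http secure-server
ip http access-class 5
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
 access-class 5 in
"""

def parse_acl(config, number):
    """Return [(action, network_int, wildcard_int)] for a standard numbered ACL."""
    pat = re.compile(rf"^access-list {number} (permit|deny) (\S+) (\S+)\s*$", re.M)
    return [(a, int(ipaddress.IPv4Address(n)), int(ipaddress.IPv4Address(w)))
            for a, n, w in pat.findall(config)]

def acl_permits(acl, source):
    """First match wins; wildcard bits set to 1 are ignored; implicit deny at the end."""
    src = int(ipaddress.IPv4Address(source))
    for action, net, wild in acl:
        care = ~wild & 0xFFFFFFFF          # bits that must match exactly
        if src & care == net & care:
            return action == "permit"
    return False                            # nothing matched: implicit deny

def management_bindings(config):
    """Report which ACL (if any) guards the vty lines and the HTTP server."""
    vty = re.search(r"^line vty .*\n(?:[ \t]+.*\n?)*", config, re.M)
    vty_acl = re.search(r"^\s+access-class (\S+) in", vty.group(0), re.M) if vty else None
    http_acl = re.search(r"^ip http access-class (\S+)", config, re.M)
    return {"vty": vty_acl.group(1) if vty_acl else None,
            "http": http_acl.group(1) if http_acl else None}

if __name__ == "__main__":
    acl5 = parse_acl(SAMPLE_CONFIG, 5)
    print(management_bindings(SAMPLE_CONFIG))
    for ip in ("192.168.0.10", "192.168.1.200", "192.168.2.1", "203.0.113.7"):
        print(ip, "permit" if acl_permits(acl5, ip) else "deny")
```

A binding reported as `None` means that management service accepts connections from any source address the router can be reached on.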
