Is there a way to limit telnet from PCs to core switches with an ACL or other means? I mean, for example, in a typical LAN with two core layer 3 switches and server layer 2 access switches connected to both core switches, my objective is to limit some of the PCs connected to one layer 2 switch from telnetting to the core switches. I know I can use AAA authentication on the core switches to challenge the action; my question is whether I can use some other means to limit telnet based on the port on the layer 2 switches, for instance a 2950 switch, or use an extended ACL on the core switches to accomplish that?
Re: Switch telnet control through acl or other means
You can limit by IP address who can login and who can't on both CatOS and IOS switches.
For IOS, just use an access-class on the VTY ports to limit what IP addresses can telnet in as follows:
> access-list 1 permit 10.1.1.1
> access-list 1 permit 10.1.1.5
> line vty 0 4
> access-class 1 in
For CatOS, you use an IP permit list as follows:
> set ip permit 10.1.1.1 telnet
> set ip permit 10.1.1.5 telnet
> set ip permit enable telnet
Both the above scenarios allow 10.1.1.1 and 10.1.1.5 to telnet to the switch. You can allow more IP addresses just by adding more lines to your config. MAKE SURE you add your own IP address in, otherwise you'll lock yourself out.
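An added example, not part of the original reply: a small Python audit that reads IOS-style configuration text, reports VTY blocks with no inbound `access-class`, and checks whether a given management address would be locked out by the bound ACL. The function names and sample config are constructed for illustration; it assumes numbered standard ACLs (1-99) with contiguous wildcard masks and does not cover the CatOS permit list.

```python
import ipaddress
import re

# Constructed sample running-config for illustration (not from the thread).
SAMPLE_CONFIG = """\
access-list 1 permit 10.1.1.1
access-list 1 permit 10.1.1.5
access-list 2 permit 10.1.2.0 0.0.0.255
line vty 0 4
 access-class 1 in
line vty 5 15
 transport input telnet
"""
ACL_RE = re.compile(r"^access-list (\d{1,2}) (permit|deny) (?:host )?(\S+)(?: (\d\S+))?(?: log)?$", re.M)

def parse_standard_acls(config):
    """Return {acl_number: [(action, network), ...]} in configured order."""
    acls = {}
    for num, action, addr, wildcard in ACL_RE.findall(config):
        if addr == "any":
            addr, wildcard = "0.0.0.0", "255.255.255.255"
        # An IOS wildcard mask is the bitwise inverse of a netmask; no mask means one host.
        inverse = int(ipaddress.ip_address(wildcard or "0.0.0.0")) ^ 0xFFFFFFFF
        net = ipaddress.ip_network(f"{addr}/{ipaddress.ip_address(inverse)}", strict=False)
        acls.setdefault(num, []).append((action, net))
    return acls

def audit_vty(config, admin_ip):
    """Return (vty_block, finding) tuples; admin_ip is the address you manage from."""
    acls, bound, current = parse_standard_acls(config), {}, None
    for line in config.splitlines():
        if line.startswith("line vty"):
            current = line.strip()
            bound[current] = None
        elif line.startswith(" ") and current:
            m = re.match(r"\s+access-class (\S+) in\b", line)
            if m:
                bound[current] = m.group(1)
        else:
            current = None
    findings, admin = [], ipaddress.ip_address(admin_ip)
    for block, acl in bound.items():
        if acl is None:
            findings.append((block, "no inbound access-class"))
        elif acl not in acls:
            findings.append((block, f"access-class {acl} is not a parsed standard ACL"))
        # First matching entry wins; anything unmatched hits the implicit deny.
        elif next((a for a, n in acls[acl] if admin in n), "deny") == "deny":
            findings.append((block, f"ACL {acl} would lock out {admin_ip}"))
    return findings
```

On the sample, `audit_vty(SAMPLE_CONFIG, "10.1.1.5")` reports only that `line vty 5 15` has no inbound `access-class`, a gap that is easy to miss when the restriction is applied to `line vty 0 4` alone.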