To restrict incoming and outgoing connections between a particular vty (into a Cisco device) and the addresses in an access list, use the access-class command in line configuration mode. To remove access restrictions, use the no form of this command.
You cant disable telnet access from a particular interface on a router. The telnet process runs independent of any interface. The above config will disable you from telneting into the router as a whole based on access-list
Try a reflexive access-list. This should disable telnet coming from outside to inside, (including telnet to your router on the serial interface)
ip access-list extended OUTBOUND
permit any any eq 23 reflect Telnettraffic
ip access-list extended INBOUND
ip access-group OUTBOUND out
ip access-group INBOUND in
This accesslist OUTBOUND basically permits only those telnet traffic initiated from inside your network. A dynamic entry is created each time telnet connection is initiated from inside to outside. The return telnet traffic for every session (initiated from inside to outside), is also permitted by the dynamic entry.
The other side effect of this reflexive access-list (good side effect) is that it will deny telnet access to your router on the serial interface.
You can mix and match regular access-list statements with reflexive access-list statements. So make sure if you have other access-lists in place already, to add thos statements, into the above mentioned access-lists.
I want to prevent the router responding to telnet attempts on port 25 when they originate from the outside (Internet)on serial line. Any internal telnet from the LAN I would like to keep open both ways, telnetting into the router and out of it. Thanks.
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...