Cisco Support Community
Community Member


How to restrict Ping and telnet utility from a host to a router?

Community Member

Re: icmp

One option is to create an extended access-list:

‘(config)#access-list 123 permit icmp host host echo-reply’ to receive ping replies.

‘(config)#access-list 123 permit icmp host host echo’ to send ping

‘(config)#access-list 123 permit tcp host host eq telnet’

You can also use ‘deny’ &/or ‘any any’ depending on the restrictions you want to create.

Another option for telnet would be to create an Access Policy:

Telnet Password

Routers that are not running enterprise edition of the Cisco IOS default to five VTY lines, 0 to 4.

Enterprise edition will have significantly more; some may be 198 (0 to 197). To find out how many, use the ‘(config)#line vty 0 ?’ command.

The Login Option

The login command indicates to the router where to find the login information that tells it to prompt for authentication; used in the console, auxiliary, & vty lines.

Options to use that are more specific:

‘login’ – indicates where to find user information.

‘login local’ – information will be found locally in the username statement i.e. username Richard password cisco.


You must set the ‘login local’ command before ‘username’ on the required lines.

‘(config)#line vty 0 4’

‘(config)#login local’

‘(config)#username NAME password CISCO’

I hope this is of some help to you.
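
As an added example (not part of the original reply), the two approaches mentioned above can be combined to block one host's ping and telnet to the router while leaving other traffic alone. The addresses (documentation range 192.0.2.0/24), the interface name, the username and the secret placeholder are assumptions; ACL number 123 is reused from the reply.

```cisco
! Constructed values: 192.0.2.10 = host to restrict,
! 192.0.2.1 = router address on GigabitEthernet0/0 (assumed interface).
!
! Approach 1: extended ACL on the interface facing the host.
! Denies the host's echo requests and telnet to this router address.
access-list 123 deny   icmp host 192.0.2.10 host 192.0.2.1 echo
access-list 123 deny   tcp  host 192.0.2.10 host 192.0.2.1 eq telnet
! Every ACL ends with an implicit "deny any", so permit the rest explicitly.
access-list 123 permit ip any any
!
interface GigabitEthernet0/0
 ip access-group 123 in
!
! Approach 2: standard ACL bound to the vty lines.
! The interface ACL above matches only one router address; the host could
! still telnet to another address owned by the router. access-class filters
! by source on the vty lines, whichever router address is targeted.
access-list 10 deny   192.0.2.10
access-list 10 permit any
!
! Local account for "login local" (placeholder secret, replace before use).
username NAME secret REPLACE_WITH_STRONG_SECRET
!
line vty 0 4
 access-class 10 in
 login local
```

After applying it, `show access-lists` lists per-entry match counters, which confirms whether the deny lines are being hit.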
