09-09-2010 01:04 AM
Hello experts!
I have a Cisco router set up to allow telnet and ssh login via these lines:
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
Is there an easy way to deny this access from any public or outside network?
I want to be able to login only from our internal LANs (192.168.0.x and 192.168.1.x).
Thanks in advance for your help!
Kind regards, Matthias
09-09-2010 01:11 AM
Sure, just create an ACL to allow the private subnets as follows:
access-list 5 permit 192.168.0.0 0.0.0.255
access-list 5 permit 192.168.1.0 0.0.0.255
line vty 0 4
 access-class 5 in
Hope that helps.
09-09-2010 01:26 AM
Hello halijenn,
That worked very well, thanks. Is it also possible to apply this access-list to the internal web-server of the router?
It is set up as:
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
But these commands are outside of any "line" or "interface" -- how can I apply an access-list anyway?
Thanks again!
09-09-2010 01:42 AM
Yes, sure.
The command is:
ip http access-class 5
09-09-2010 02:20 AM
Great, thanks a lot!
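An added example, not part of the original thread: a small Python audit that checks a saved running-config for the two restrictions discussed above (an inbound access-class on every vty block, and ip http access-class when the web server is enabled). The sample config, including the extra "line vty 5 15" block, is constructed, and the script assumes sub-commands are indented as in show running-config output.

```python
import re

# Constructed sample (assumption): the thread's commands plus a second vty
# block, which "line vty 0 4 / access-class 5 in" alone does not cover.
SAMPLE_CONFIG = """\
access-list 5 permit 192.168.0.0 0.0.0.255
access-list 5 permit 192.168.1.0 0.0.0.255
ip http server
ip http secure-server
ip http access-class 5
line vty 0 4
 access-class 5 in
 login local
line vty 5 15
 login local
"""

ACL_DEF = re.compile(r"^(?:ip access-list (?:standard|extended) |access-list )(\S+)")
VTY = re.compile(r"^line vty (\d+)(?: (\d+))?")
VTY_ACL = re.compile(r"^\s+access-class (\S+) in\b")
HTTP_ON = re.compile(r"^ip http (?:secure-)?server\s*$")
HTTP_ACL = re.compile(r"^ip http access-class (?:ipv4 )?(\S+)")

def audit_mgmt_acl(config):
    """Return findings for management services that lack a defined ACL."""
    findings, defined, blocks = [], set(), []
    http_on, http_acl, vty = False, None, None
    for line in config.splitlines():
        if not line.startswith(" "):
            vty = None  # an unindented line ends the current vty block
        if m := ACL_DEF.match(line):
            defined.add(m.group(1))
        elif VTY.match(line):
            vty = [line.strip(), None]  # [label, ACL applied inbound]
            blocks.append(vty)
        elif vty is not None and (m := VTY_ACL.match(line)):
            vty[1] = m.group(1)
        elif HTTP_ON.match(line):
            http_on = True
        elif m := HTTP_ACL.match(line):
            http_acl = m.group(1)
    if http_on:
        blocks.append(["ip http server", http_acl])
    for label, acl in blocks:
        if acl is None:
            findings.append(f"{label}: no access-class applied")
        elif acl not in defined:
            findings.append(f"{label}: access-class {acl} is not defined")
    return findings
```

Calling audit_mgmt_acl(SAMPLE_CONFIG) reports only the uncovered "line vty 5 15" block; removing the "ip http access-class 5" line adds a finding for the web server.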