Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Howto deny access to router from public networks

Hello experts!

I have a Cisco router set up to allow telnet and ssh login via these lines:

line vty 0 4
privilege level 15
login local
transport input telnet ssh

Is there an easy way to deny this access from any public or outside network?

I want to be able to login only from our internal LANs (192.168.0.x and 192.168.1.x).

Thanks in advance for your help!

Kind regards, Matthias

2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

Re: Howto deny access to router from public networks

Sure, just create ACL to allow the private subnets as follows:

access-list 5 permit 192.168.0.0 0.0.0.255

access-list 5 permit 192.168.1.0 0.0.0.255

line vty 0 4

access-class 5 in

Hope that helps.

Cisco Employee

Re: Howto deny access to router from public networks

Yes sure.

The command is:

ip http access-class 5

4 REPLIES
Cisco Employee

Re: Howto deny access to router from public networks

Sure, just create ACL to allow the private subnets as follows:

access-list 5 permit 192.168.0.0 0.0.0.255

access-list 5 permit 192.168.1.0 0.0.0.255

line vty 0 4

access-class 5 in

Hope that helps.

New Member

Re: Howto deny access to router from public networks

Hello halijenn,

that worked very well, thanks. Is it also possible to apply this access-list to the internal web-server of the router?

It is set up as:


ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000

But these commands are outside of any "line" or "interface" -- how can I apply an access-list anyway?

Thanks again!

Cisco Employee

Re: Howto deny access to router from public networks

Yes sure.

The command is:

ip http access-class 5

New Member

Re: Howto deny access to router from public networks

great, thanks a lot!

520
Views
0
Helpful
4
Replies
CreatePlease login to create content