Controlling Telnet and SSH Access with ACLs

When an external user connects to a router or switch using Telnet or SSH, IOS uses a vty line to represent that user connection. IOS can filter those inbound connections by applying an ACL to the vty lines with the access-class command, restricting the source IPv4 addresses from which hosts are allowed to telnet or SSH into the router or switch. Because the ACL is evaluated on the vty line rather than on an interface, it applies regardless of which interface the connection arrives on.

For example, imagine that all the network engineering staff uses subnet 10.1.1.0/24, and only those devices are supposed to be able to telnet into any of the Cisco routers in a network. In such a case, the configuration shown in Example 23-9 could be used on each router to deny access from IP addresses not in that subnet.

Example 23-9 vty Access Control Using the access-class Command
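The book's Example 23-9 is not reproduced on this page. The configuration below is an added illustration, not the book's own example: it uses the 10.1.1.0/24 engineering subnet from the text, and the ACL number (2), the vty range (0 15), and the transport and login settings are assumptions chosen for the example.

```cisco
! Added example (not the book's Example 23-9). Standard ACL that matches
! only the engineering subnet 10.1.1.0/24; any other source address falls
! through to the implicit "deny any" at the end of every IOS ACL.
access-list 2 permit 10.1.1.0 0.0.0.255
!
! Apply the ACL inbound on every vty line. Assumption: the device has
! 16 vty lines (0-15); covering only "vty 0 4" would leave lines 5-15
! unfiltered on platforms that have them.
line vty 0 15
 access-class 2 in
 ! Assumptions for the example: accept SSH only, and authenticate
 ! against the local user database.
 transport input ssh
 login local
```

To confirm the filter is in place, use show running-config | section line vty and check that access-class 2 in appears under every vty line; show ip access-lists 2 shows per-entry match counters, so a connection attempt from outside 10.1.1.0/24 should leave the permit counter unchanged (denied packets matched by the implicit deny are not counted unless an explicit deny any entry is added).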

Source: CCENT/CCNA ICND1 100-101 Official Cert Guide (O'Reilly).