Filtering Router Service Traffic

This section explains how to implement ACLs to filter IP traffic that is destined for the following router services:

  • Telnet

  • SNMP

  • Routing protocols

Telnet Service

Telnet (vty) is typically used by systems administrators to access the router for configuration and maintenance. Figure 4-28 shows a portion of the theoretical network from Figure 4-27.

Figure 4-28. Telnet Service Filtering

You should restrict which hosts have access to the vty lines of the router by using an ACL, as demonstrated in Example 4-16.

Example 4-16. Filtering Telnet Service
R2(config)# access-list 105 permit tcp host 16.2.1.3 any eq 23 log
R2(config)# ...
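
To check that a router really restricts its vty lines this way, the following added example (not from the book) audits a saved running-config for vty lines with no inbound access-class or with an ACL that permits any source. The sample configuration, the function names, and the `deny` entry are constructed for illustration; only the ACL number 105 and the host 16.2.1.3 come from the text above.

```python
import re

# Constructed running-config excerpt (not from the book): vty 0 4 is bound to
# ACL 105, while vty 5 15 has no access-class at all.
SAMPLE_CONFIG = """\
access-list 105 permit tcp host 16.2.1.3 any eq 23 log
access-list 105 deny ip any any log
!
line vty 0 4
 access-class 105 in
 transport input telnet
line vty 5 15
 transport input telnet
"""

def parse_acls(config):
    """Map ACL number -> list of entry strings from 'access-list N ...' lines."""
    acls = {}
    for m in re.finditer(r"^access-list (\d+) (.+)$", config, re.M):
        acls.setdefault(m.group(1), []).append(m.group(2).strip())
    return acls

def parse_vty_lines(config):
    """Map each 'line vty X Y' header -> inbound access-class ACL (or None)."""
    vty, current = {}, None
    for line in config.splitlines():
        if line.startswith("line vty"):
            current = line.strip()
            vty[current] = None
        elif current and line.startswith(" "):
            m = re.match(r"\s+access-class (\S+) in", line)
            if m:
                vty[current] = m.group(1)
        else:
            current = None  # left the vty block
    return vty

def audit_vty(config):
    """Return (vty header, reason) findings for vty lines not restricted by an ACL."""
    acls, findings = parse_acls(config), []
    for header, acl in parse_vty_lines(config).items():
        if acl is None:
            findings.append((header, "no inbound access-class"))
        elif acl not in acls:
            findings.append((header, f"access-class {acl} references undefined ACL"))
        elif any(re.match(r"permit (ip|tcp) any\b", e) for e in acls[acl]):
            findings.append((header, f"ACL {acl} permits any source"))
    return findings
```

Run `audit_vty()` over each router's saved configuration; an empty list means every vty range is bound to an ACL that names specific sources.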
