Controlling Telnet and SSH Access with ACLs

When an external user connects to a router or switch using Telnet or SSH, IOS uses a vty line to represent that user connection. IOS can apply an ACL to those inbound connections by applying an ACL to the vty line, filtering the addresses from which IPv4 hosts can telnet or SSH into the router or switch.

For example, imagine that all the network engineering staff uses subnet 10.1.1.0/24, and only those devices are supposed to be able to telnet into any of the Cisco routers in a network. In such a case, the configuration shown in Example 23-9 could be used on each router to deny access from IP addresses not in that subnet.

Example 23-9 vty Access Control Using the access-class Command
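The book's Example 23-9 is not reproduced on this page. The following IOS configuration is an added illustration (not the book's own listing) of the technique described above: a standard numbered ACL that matches the engineering subnet 10.1.1.0/24, applied inbound to the vty lines with the access-class command. The ACL number (1), the vty line range (0 15, which depends on the platform) and the choice to also restrict the lines to SSH are assumptions for the example.

```cisco
! Added example, not the book's Example 23-9.
! Standard ACL 1: permit only the engineering subnet 10.1.1.0/24
! (wildcard mask 0.0.0.255). Every other source is dropped by the
! implicit "deny any" at the end of the list.
access-list 1 remark Management stations allowed to reach the vty lines
access-list 1 permit 10.1.1.0 0.0.0.255
!
! Apply the ACL to all vty lines (range assumed; use the range your
! platform supports) so no line is left unfiltered.
line vty 0 15
 access-class 1 in
 transport input ssh
```

Two points worth checking after applying it: the in keyword filters sessions arriving at the router (access-class with out instead restricts where users already logged in to the router may telnet or SSH to), and the ACL must be applied to every vty line, because an incoming session is assigned to whichever line is free and a line without the access-class would accept the connection. The command show access-lists 1 shows match counts for the permit entry, so denied attempts show up as the absence of a hit while a permitted session increments it; show running-config | section line vty confirms the lines carry the access-class. This filter is for IPv4 sources only; IPv6 sessions need a separate ipv6 access-class on the same lines.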
