[nsp] permit vty ssh, no telnet for some users ?
Mark D. Nagel
mnagel at willingminds.com
Sat Apr 24 23:09:16 EDT 2004
matthew zeier wrote:
>Any clue on how to permit just one user to telnet to the router while making
>everyone else use ssh? Aside from declaring it a policy.
>
When you say user, do you mean actual login ID, or just source IP
address? Not sure how to do the former, but the latter is pretty easy:

    line vty 0
     access-class 20 in
     transport input telnet
    line vty 1 4
     access-class 21 in
     transport input ssh

Fill in access-list 20 and 21 as you see fit. This is also a good way to
reserve a vty for emergency access, BTW.
I don't think the former is really possible, since authentication can't
be done until the transport method has been selected. If something can
be done with AAA to accomplish the equivalent, I'd sure like to know how!
Mark
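
Added example, not part of the original message: a small Python audit that parses the `line vty` stanzas of a saved config and reports which vty ranges can still be reached over telnet and whether an inbound `access-class` limits them. The sample config, its addresses (documentation range) and the function names `parse_vty` and `audit` are constructed for illustration; treating a stanza with no `transport input` line as telnet-capable is a conservative assumption.

```python
import re

# Constructed sample config; addresses are documentation-range placeholders.
SAMPLE = """\
access-list 20 permit 192.0.2.10
access-list 21 permit 192.0.2.0 0.0.0.255
line vty 0
 access-class 20 in
 transport input telnet
line vty 1 4
 access-class 21 in
 transport input ssh
line vty 5 15
 transport input all
"""

def parse_vty(config):
    """Return one dict per 'line vty' stanza: range, inbound ACL, transports."""
    stanzas, cur = [], None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"line vty (\d+)(?: (\d+))?$", line)
        if m:
            first = int(m.group(1))
            last = int(m.group(2)) if m.group(2) else first
            cur = {"first": first, "last": last, "acl": None, "transports": None}
            stanzas.append(cur)
        elif not raw[:1].isspace():
            cur = None  # an unindented (or blank) line ends the stanza
        elif cur is not None:
            if (m := re.match(r"access-class (\S+) in\b", line)):
                cur["acl"] = m.group(1)
            elif (m := re.match(r"transport input (.+)$", line)):
                cur["transports"] = set(m.group(1).split())
    return stanzas

def audit(config):
    """Flag vty ranges where telnet is reachable or no inbound ACL is applied."""
    findings = []
    for s in parse_vty(config):
        name = f"vty {s['first']}-{s['last']}"
        # Assumption: no 'transport input' line is treated as telnet-capable.
        telnet = s["transports"] is None or bool(s["transports"] & {"telnet", "all"})
        if s["acl"] is None:
            findings.append((name, "no inbound access-class"))
        if telnet:
            scope = f"limited by ACL {s['acl']}" if s["acl"] else "unrestricted"
            findings.append((name, f"telnet possible, {scope}"))
    return findings
```

On the sample, only vty 0 (telnet, limited by ACL 20) and the unprotected vty 5-15 range are reported; the ssh-only range with ACL 21 produces no finding.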