[nsp] permit vty ssh, no telnet for some users ?

Richard Danielli richard.danielli at esubnet.com
Mon Apr 26 14:14:51 EDT 2004


Matthew,

What about providing an IP address and an IP address secondary, then use
ACLs to restrict what lands where, and then hand out the different IP
addresses to how that person is supposed to access the device as per your
preference.

of course if everyone is coming from the same SRC IP then you are probably
NATing which means that you can set up rules on the client side.

OR

Simply just have everyone use SSH.
-rd-

--
Richard Danielli
Founder/President
eSubnet Enterprises Inc.
TORONTO, ON
Canada
(416) 203-5253
c: (416) 525-6148
http://www.eSubnet.com


> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of matthew zeier
> Sent: Monday, April 26, 2004 1:21 PM
> To: michael earls; Voll, Scott; cisco-nsp at puck.nether.net
> Subject: Re: [nsp] permit vty ssh, no telnet for some users ?
>
>
> Was looking for something that would allow one user to telnet and require
> everyone else to ssh from the same src address.
>
> Apparently this isn't possible.
>



More information about the cisco-nsp mailing list