[c-nsp] Allow VTY access by telnet and ssh
Jay Hennigan
jay at west.net
Fri Sep 5 06:27:59 EDT 2008
Ang Kah Yik wrote:
> I think more specifically, he wanted to be able to permit a particular group
> of users to use telnet and another to use ssh.
> While I'm not sure why it'd be good to use telnet when ssh is available, I
> suppose it would be possible to apply an ACL on the VTYs to deny access to
> telnet/ssh as required.
I haven't tried it, but it might be possible to use an extended ACL for
this.
ip access-list extended vty-list
permit tcp 1.1.1.0 0.0.0.255 any eq 22
permit tcp 2.2.2.0 0.0.0.255 any eq 23
line vty 0 4
transport input telnet ssh
access-class vty-list in
--
Jay Hennigan - CCIE #7880 - Network Engineering - jay at impulse.net
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
More information about the cisco-nsp
mailing list