VTY Access Using Telnet
Example 3-3 shows you three procedures. First, it shows you how to configure VTY lines for Telnet access with a password.
Second, it shows you how to apply an access list explicitly listing the hosts or networks from which remote administration will be permitted. And third, it shows how to set an exec session timeout.
Example 3-3. Configuring VTY Access Using Telnet and Access List
Router(config)# access-list 10 permit host 10.1.1.1
Router(config)# access-list 10 permit host 10.1.1.2
Router(config)# access-list 10 permit 192.168.1.1 0.0.0.255
Router(config)# access-list 10 deny any log
Router(config)# line vty 0 4
Router(config-line)# access-class 10 in
Router(config-line)# exec-timeout 10 0
Router(config-line)# transport input telnet
Router(config-line)# password <password>
Router(config-line)# login
Router(config-line)# end
Router#
The IP access-list number 10 in Example 3-3 is used to identify the hosts that are allowed to connect to the device through the VTY ports. Good practice is to have these IP addresses on an internal or trusted network. Be careful, though, when permitting addresses from external networks via the Internet. For more details on access lists, see Chapter 2.
The transport input telnet command restricts the management interface to the Telnet protocol only. (The Telnet protocol uses TCP port 23.) If required, configure transport input all or selected protocols, which will allow for all supported protocols (for example, X.3 PAD, Async over ISDN v120, DEC MOP, TCP/IP Telnet, UNIX rlogin, UDPTN async via UDP, and TCP/IP SSH protocol).
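To check which source addresses access list 10 from Example 3-3 actually admits to the VTY lines, the following Python script (an added example, not part of the original text) evaluates standard ACL entries top-down with first-match-wins and wildcard-mask semantics. The function names parse_standard_acl and evaluate are hypothetical, and the ACL text is copied from the example as constructed input.

```python
import ipaddress

# Constructed input: the access-list 10 lines from Example 3-3.
ACL_10 = """\
access-list 10 permit host 10.1.1.1
access-list 10 permit host 10.1.1.2
access-list 10 permit 192.168.1.1 0.0.0.255
access-list 10 deny any log
"""

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_standard_acl(text, number):
    """Return [(action, address, wildcard, log)] for one numbered standard ACL."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] != ["access-list", str(number)] or len(tok) < 4:
            continue
        action, rest = tok[2], tok[3:]
        log = rest[-1] == "log"
        if log:
            rest = rest[:-1]
        if not rest:
            continue  # malformed entry: no source given
        if rest[0] == "any":
            addr, wild = 0, 0xFFFFFFFF
        elif rest[0] == "host":
            addr, wild = _ip(rest[1]), 0
        else:
            # A bare address with no wildcard is an exact host match.
            addr = _ip(rest[0])
            wild = _ip(rest[1]) if len(rest) > 1 else 0
        entries.append((action, addr, wild, log))
    return entries

def evaluate(entries, source):
    """First match wins; a wildcard bit set to 1 means 'ignore this bit'."""
    src = _ip(source)
    for action, addr, wild, log in entries:
        if (src | wild) == (addr | wild):
            return action, log
    return "deny", False  # implicit deny ends every ACL and is not logged

if __name__ == "__main__":
    acl = parse_standard_acl(ACL_10, 10)
    for src in ("10.1.1.1", "10.1.1.3", "192.168.1.200", "192.168.2.1"):
        print(src, evaluate(acl, src))
```

The third entry matches every host in 192.168.1.0 through 192.168.1.255 because the wildcard ignores the last octet, and the explicit deny any log is what makes rejected connection attempts appear in the log.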