
Configuring an ACL on VTY Lines (Telnet/SSH)



Welcome to Network Engineer Pro. I’m Rafael, CCIE 64356 in routing and switching.

I’m working on a ton of content (videos, labs and more) to help you learn networking. If you want to stay up to date on what I’m working on and be the first to know, then head to my website where you can sign up and get notified:
➤ https://www.networkengineerpro.com/

You can also follow me on Facebook:
➤ https://www.facebook.com/NetworkEngineerPro

Amazon affiliate links to recommended reading material

The CCNA 200-301 Official Cert Guide Volume 1
➤ https://amzn.to/3AWwjXh

The CCNA 200-301 Official Cert Guide Volume 2
➤ https://amzn.to/3wv81QQ

For those of you who want to take your studies to the CCIE level, here are the first two books (of many) you should get your hands on.

Routing TCP/IP, Volume 1
➤ https://amzn.to/3ARnVZj

Routing TCP/IP, Volume 2
➤ https://amzn.to/3k8wfxB

————————————————————————————————————–
If you are new and don’t know how SSH works, watch this. It will bring you up to speed.

SSH Tutorial

In this video I explain and show you how to configure an Access Control List (ACL) and apply it to your VTY Lines (Telnet or SSH).

Configuring SSH is a must; never use TELNET!
After applying the basic configuration to get SSH up and running, technically anyone with IP reachability to the router or switch can connect to it via SSH. If they have the credentials and malicious intent, they can do whatever they want.

Allowing users to SSH to a network device from any IP can be a security concern for some organizations. To address this you can restrict who can access the VTY lines on a device by applying an ACL inbound on those VTYs.
You can also control the destinations that the VTYs of a router can reach by applying an access list outbound on the VTYs, but I only focus on inbound in this video.

When you apply an ACL to VTY lines, it’s done by using the “access-class” command. You then reference a specific ACL and a particular direction (in or out).

The configuration for the extended access control list I used in this video is:

enable
conf t
ip access-list extended SSH-ACCESS
remark Allow SSH only from the management subnet; log everything else
permit tcp 10.140.1.0 0.0.0.255 any eq 22
deny tcp any any log

I then applied it to line vty 0 15 on my router by using:

line vty 0 15
access-class SSH-ACCESS in

This allowed SSH from a specific subnet only.
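To sanity-check a list like this before it goes on the VTY lines, here is an added Python example (not code from the video) that parses the two SSH-ACCESS entries and evaluates connection attempts the way IOS does: top-down, first match wins, and anything unmatched hits the implicit deny. The ACL text, the source addresses and the router address 10.140.1.1 are constructed for this example.

```python
import ipaddress

# Constructed copy of the SSH-ACCESS list shown above, as typed into IOS.
SSH_ACCESS = """
permit tcp 10.140.1.0 0.0.0.255 any eq 22
deny tcp any any log
"""

def wildcard_match(addr, network, wildcard):
    """IOS wildcard semantics: a 1 bit in the wildcard is a don't-care bit."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a, n = int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(network))
    return (a & care) == (n & care)

def parse_ace(line):
    """Parse one entry: <action> <proto> <src> <dst> [eq <port>] [log]."""
    tokens = line.split()
    action, proto, i = tokens[0], tokens[1], 2

    def take_addr():
        nonlocal i
        if tokens[i] == "any":          # any == 0.0.0.0 with an all-ones wildcard
            i += 1
            return ("0.0.0.0", "255.255.255.255")
        if tokens[i] == "host":         # host x.x.x.x == x.x.x.x 0.0.0.0
            i += 2
            return (tokens[i - 1], "0.0.0.0")
        i += 2                          # explicit <network> <wildcard> pair
        return (tokens[i - 2], tokens[i - 1])

    src, dst = take_addr(), take_addr()
    dport = None
    if i < len(tokens) and tokens[i] == "eq":
        dport, i = int(tokens[i + 1]), i + 2
    return {"action": action, "proto": proto, "src": src, "dst": dst,
            "dport": dport, "log": "log" in tokens[i:]}

def evaluate(acl_text, src_ip, dst_ip, dport, proto="tcp"):
    """Return (action, logged) for a connection attempt; first match wins."""
    for line in acl_text.strip().splitlines():
        ace = parse_ace(line)
        if ace["proto"] not in (proto, "ip"):
            continue
        if not (wildcard_match(src_ip, *ace["src"]) and wildcard_match(dst_ip, *ace["dst"])):
            continue
        if ace["dport"] is not None and ace["dport"] != dport:
            continue
        return ace["action"], ace["log"]
    return "deny", False   # implicit deny at the end of every ACL, never logged

if __name__ == "__main__":
    for src, port in (("10.140.1.25", 22), ("10.140.2.25", 22), ("10.140.1.25", 23)):
        print(src, port, evaluate(SSH_ACCESS, src, "10.140.1.1", port))
```

The third case shows that Telnet (port 23) from the permitted subnet is still denied and logged, which is what you want once only SSH is allowed.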

I hope everyone enjoyed this video. If so, subscribe and let me know in the comments. Have an awesome day everyone, and lab on!

#CCNA #CCNP #CCIE


Source by Network Engineer Pro

Mourad ELGORMA

Founder of summarynetworks, passionate about new technologies and networking careers, Master's in networks and telecommunication systems. I have worked with Pascal, Delphi, Java, MATLAB, PHP... Knowledge of the TCP/IP protocol, Ethernet applications, WLANs... Planning, installation and troubleshooting of computer network problems... Install, configure and troubleshoot Cisco IOS devices. Monitor network performance and isolate network failures. VLANs, routing protocols (RIPv2, EIGRP, OSPF)... Working with embedded systems (hardware and software, e.g. BeagleBone Black)... Linux (Ubuntu, Kali, Mandriva server, Fedora, ...). Microsoft (Windows, Windows Server 2003). ... Packet Tracer, GNS3, VMware Workstation, VirtualBox, FileZilla (client/server), EasyPHP, WampServer, the WordPress content management system... Installation of surveillance cameras (Hikvision DVR technology...).
