It is imperative to secure these lines with strong passwords and an access-control mechanism. Note that although the vty lines do have a password set by default, they are still inaccessible until the login command is entered to allow remote logon. An ACL can also optionally be used to further restrict access to authorized users, thereby allowing access only from a restricted set of IP addresses.
You can use two common methods to access the vty lines: the Telnet and SSH protocols.
VTY Access Using Telnet
Example 3-3 shows you three procedures. First, it shows you how to configure VTY lines for Telnet access with a password. Second, it shows you how to apply an access list explicitly listing the hosts or networks from which remote administration will be permitted. And third, it shows how to set an exec session timeout.
Example 3-3. Configuring VTY Access Using Telnet and Access List
Router(config)# access-list 10 permit host 10.1.1.1
Router(config)# access-list 10 permit host 10.1.1.2
Router(config)# access-list 10 permit 192.168.1.1 0.0.0.255
Router(config)# access-list 10 deny any log
Router(config)# line vty 0 4
Router(config-line)# access-class 10 in
Router(config-line)# exec-timeout 10 0
Router(config-line)# transport input telnet
Router(config-line)# password <password>
Router(config-line)# login
Router(config-line)# end
Router#
The IP access-list number 10 in Example 3-3 is used to identify the hosts that are allowed to connect to the device through the VTY ports.
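The following added example (not from the book) evaluates a source address against the access list bound to the vty lines, using the configuration of Example 3-3 as constructed input. It shows that the entry with wildcard mask 0.0.0.255 admits every host in 192.168.1.0/24; the function names are assumptions, only standard numbered ACLs are modeled, and only the first `line vty` block is examined.

```python
import ipaddress
import re

# Constructed input: the ACL and vty lines of Example 3-3 as saved config text.
SAMPLE_CONFIG = """\
access-list 10 permit host 10.1.1.1
access-list 10 permit host 10.1.1.2
access-list 10 permit 192.168.1.1 0.0.0.255
access-list 10 deny any log
line vty 0 4
 access-class 10 in
 exec-timeout 10 0
 transport input telnet
 login
"""

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def parse_standard_acls(config):
    """Return {acl_number: [(action, address, wildcard), ...]} as integers."""
    acls = {}
    for m in re.finditer(r"^access-list (\d+) (permit|deny) (.+)$", config, re.M):
        args = [a for a in m.group(3).split() if a != "log"]
        if args[0] == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif args[0] == "host":
            addr, wild = args[1], "0.0.0.0"
        else:  # "address [wildcard]"; no wildcard means an exact host match
            addr, wild = args[0], (args[1] if len(args) > 1 else "0.0.0.0")
        acls.setdefault(m.group(1), []).append((m.group(2), ip_int(addr), ip_int(wild)))
    return acls

def vty_access_class(config):
    """Return the ACL number applied inbound under 'line vty', or None."""
    m = re.search(r"^line vty .*\n(?:[ \t]+.*\n)*?[ \t]+access-class (\d+) in", config, re.M)
    return m.group(1) if m else None

def vty_source_allowed(config, source_ip):
    """First match wins; a source matching no entry hits the implicit deny."""
    acl = parse_standard_acls(config).get(vty_access_class(config))
    if acl is None:
        return True  # no ACL bound to the vty lines: no source restriction
    src = ip_int(source_ip)
    for action, addr, wild in acl:
        if (src | wild) == (addr | wild):  # wildcard bits set to 1 are ignored
            return action == "permit"
    return False
```

Running `vty_source_allowed(SAMPLE_CONFIG, "192.168.1.200")` returns `True`, while `"10.1.1.3"` falls through to the `deny any log` entry and returns `False`.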