Good practice is to have these IP addresses on an internal or trusted network. Be careful, though, when allowing addresses from external networks via the Internet. For more details on access lists, see Chapter 2. The transport input telnet command restricts the management interface to the Telnet protocol only. (Telnet uses TCP port 23.) If required, configure transport input all, which allows all supported protocols (for example, X.3 PAD, Async over ISDN v120, DEC MOP, TCP/IP Telnet, UNIX rlogin, UDPTN async via UDP, and TCP/IP SSH), or list selected protocols only.
VTY Access Using SSH
Telnet is the most popular protocol used to access a router for administrative purposes, yet it is important to understand that it is the most insecure. All communications in the Telnet session are in clear text, and there are many attacks known to capture a Telnet session and view and/or capture the session information. A more reliable and secure method for device administration is to use the Secure Shell (SSH) protocol.
SSH provides strong authentication and encryption using strong cryptographic algorithms. SSH uses TCP port 22. Two versions of SSH are available: SSH protocol Version 1 and Version 2. SSH Version 1 is an improvement over using clear-text Telnet.
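The following audit script is an added example, not code from the original text. It checks each line vty stanza of a saved configuration for the two controls discussed above: the transport input setting and an inbound access list. The sample configuration is constructed, and the function name audit_vty is an assumption; access-class is the IOS command that applies an access list to a VTY line.

```python
import re

# Constructed running-config fragment for illustration (not from the page).
SAMPLE_CONFIG = """\
line con 0
 login local
line vty 0 4
 access-class 10 in
 transport input telnet
line vty 5 15
 access-class 10 in
 transport input ssh
line vty 16 20
 transport input all
"""

# Transports that carry the session in clear text; "all" includes Telnet.
CLEARTEXT = {"telnet", "rlogin", "all"}

def audit_vty(config):
    """Map each 'line vty' stanza to a list of findings (empty list = clean)."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw and not raw[0].isspace():
            # An unindented line starts a new stanza; track only VTY ones.
            current = raw.strip() if re.match(r"line vty \d+", raw) else None
            if current:
                stanzas[current] = []
        elif current and raw.strip():
            stanzas[current].append(raw.split())
    report = {}
    for name, cmds in stanzas.items():
        findings = []
        transport = next((c[2:] for c in cmds if c[:2] == ["transport", "input"]), None)
        if transport is None:
            findings.append("no explicit transport input; platform default applies")
        elif CLEARTEXT & set(transport):
            findings.append("clear-text transport allowed: " + " ".join(transport))
        # An inbound access-class limits which source addresses may connect.
        if not any(c[0] == "access-class" and "in" in c[2:] for c in cmds):
            findings.append("no inbound access-class")
        report[name] = findings
    return report

if __name__ == "__main__":
    for line, findings in audit_vty(SAMPLE_CONFIG).items():
        print(line, "->", findings or "ok")
```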