Re: Re(2):restrict telnet access from source network

From: Radoslav Vasilev (deckland@gmail.com)
Date: Mon Oct 09 2006 - 13:26:59 ART

• Next message: Maneesh Chawla: "BGP SOO"
• Previous message: Brad Ellis: "Re: voice startup [bcc][faked-from]"
• Maybe in reply to: Angelo De Guzman: "Re(2):restrict telnet access from source network"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

hostname Rack1R3
line vty 4
 rotary 1
 end

Rack1R4#telnet 150.1.3.3 3001
Trying 150.1.3.3, 3001 ... Open

User Access Verification

Password:
Rack1R3>sh users
    Line User Host(s) Idle Location
   0 con 0 idle 00:01:48
* 70 vty 4 idle 00:00:00 161.1.34.4

Rado

On 10/9/06, Chee Chew Leong <cleong3@csc.com> wrote:
>
>
> How this can be done? Can show some sample config.?
>
>
>
>
>
> *"Radoslav Vasilev" <deckland@gmail.com>*
> Sent by: nobody@groupstudy.com
>
> 10/02/2006 11:53 PM Please respond to
> "Radoslav Vasilev" <deckland@gmail.com>
>
> To
> Chee Chew Leong/ASIA/CSC@CSC cc
> "Angelo De Guzman" <a.deguzman@wesolv.ph.fujitsu.com>,
> ccielab@groupstudy.com, nobody@groupstudy.com Subject
> Re: Re(2):restrict telnet access from source network
>
>
>
>
>
>
> Don't think so.
> You can separate a single/couple of VTY lines and configure them
> differently. It all depends on the task wording though.
>
> Rado
>
> On 10/2/06, Chee Chew Leong <cleong3@csc.com> wrote:
> > This would restrict other users from telneting to R7 as well. This will
> > cause over restricted.
> >
> > Is there a method on R7 that can limit a user coming in from certain
> > source ip?
> >
> >
> >
> >
> >
> >
> > "Angelo De Guzman" <a.deguzman@wesolv.ph.fujitsu.com>
> > Sent by: nobody@groupstudy.com
> > 10/02/2006 10:18 AM
> > Please respond to
> > "Angelo De Guzman" <a.deguzman@wesolv.ph.fujitsu.com>
> >
> >
> > To
> > ccielab@groupstudy.com
> > cc
> >
> > Subject
> > Re(2):restrict telnet access from source network
> >
> >
> >
> >
> >
> >
> > Hi,
> >
> > Do an inbound ACL at R7 for all the VTY's permitting only the host IP
> > address
> > of R6. Then use local database for the username.
> >
> > Angelo
> >
> > Chee Chew Leong (10/2/06 10:11 AM):
> > >
> > >But, how to do inbound access-class per user on R7?
> > >
> > >
> > >
> > >
> > >
> > >"Angelo De Guzman" <a.deguzman@wesolv.ph.fujitsu.com>
> > >Sent by: nobody@groupstudy.com
> > >10/02/2006 09:29 AM
> > >Please respond to
> > >"Angelo De Guzman" <a.deguzman@wesolv.ph.fujitsu.com>
> > >
> > >
> > >To
> > >ccielab@groupstudy.com
> > >cc
> > >
> > >Subject
> > >Re:restrict telnet access from source network
> > >
> > >
> > >
> > >
> > >
> > >
> > >AFAIK. I think youre interpretation is okay.
> > >
> > >Chee Chew Leong (10/2/06 9:08 AM):
> > >>
> > >>The question quotes "R6 is allowed to telnet to R7 ONLY with username
> R6
> > >>password cisco".
> > >>
> > >>The way I interprete this question is that we have to configure R7 to
> > >>limit a local configured username 'R6' on R7. The telnet only allow
> from
> > >>any of the IPs belongs to R6 when using username 'R6'.
> > >>
> > >>
> > >>I need your opinion should my interpretation correct or how to
> configure
> > >>this.
> > >>
> >
> >>_______________________________________________________________________
> > >>Subscription information may be found at:
> > >>http://www.groupstudy.com/list/CCIELab.html
> > >>
> > >>***********************
> > >>No virus was detected in the attachment no filename
> > >>
> > >>Your mail has been scanned by InterScan MSS.
> > >>***********-***********
> > >>
> > >
> > >
> > >
> > >***********************
> > >No virus was detected in the attachment no filename
> > >
> > >Your mail has been scanned by InterScan MSS.
> > >***********-***********
> > >
> > >_______________________________________________________________________
> > >Subscription information may be found at:
> > >http://www.groupstudy.com/list/CCIELab.html
> > >
> > >_______________________________________________________________________
> > >Subscription information may be found at:
> > >http://www.groupstudy.com/list/CCIELab.html
> > >
> > >***********************
> > >No virus was detected in the attachment no filename
> > >
> > >Your mail has been scanned by InterScan MSS.
> > >***********-***********
> > >
> >
> >
> >
> > ***********************
> > No virus was detected in the attachment no filename
> >
> > Your mail has been scanned by InterScan MSS.
> > ***********-***********
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Maneesh Chawla: "BGP SOO"
• Previous message: Brad Ellis: "Re: voice startup [bcc][faked-from]"
• Maybe in reply to: Angelo De Guzman: "Re(2):restrict telnet access from source network"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Nov 01 2006 - 07:29:04 ART