Remote Access ACLs
Posted by: Joshua Wood
Hi all, I see it all the time. An administrator has a solid network, and its security is not bad; in most cases it is pretty good. But the network is still highly exposed, because anyone who can reach a router or switch is allowed to attempt a login to it. Pretty much every network device I have worked with has a way to restrict which remote hosts can even reach the management login of a router or switch. Usually this is done with an access control list (ACL) that restricts which networks the device may be managed from.
Implementing them is simple enough. On a Cisco IOS device you create an ACL, and a standard one usually suffices, for example "access-list 99 permit 10.10.10.0 0.0.0.255" (on newer IOS you can also use "ip access-list standard 99" and add the permit entries underneath it). Then enter line configuration mode with "line vty 0 15", which covers all 16 lines in that range (0 through 15) used for Telnet or SSH sessions, and apply the list with "access-class 99 in"; the "in" keyword is required. If the platform has more VTY lines than that ("show line" lists them), include them all, because a line without the access-class is still an open door. If all goes well you haven't locked yourself out of your device. I recommend testing the ACL on a non-production device first. For a remote device, "reload in 10" works well as a safety net: do not save the configuration before testing, so that if the change locks you out the device reboots in ten minutes to the old saved configuration. Once you have confirmed from the permitted network that you can still log in, run "reload cancel" and then save.
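The full procedure, as an added example written for this page (not configuration from the original post or from any particular device). The management subnet 10.10.10.0/24 and the jump host 192.0.2.5 are assumed values; substitute your own. Exec-mode commands come first, then the configuration, then the exec-mode check.

```cisco
! Step 1 (exec mode): safety net before touching the VTY lines.
! IOS asks "Proceed with reload? [confirm]"; do NOT save the config until
! you have verified access, so a lockout is undone by the reboot.
reload in 10
!
configure terminal
!
! Step 2: standard ACL listing who may reach the management logins.
! Every ACL ends with an implicit deny; the explicit entry only adds logging.
access-list 99 remark Hosts allowed to reach the VTY lines
access-list 99 permit 10.10.10.0 0.0.0.255
access-list 99 permit host 192.0.2.5
access-list 99 deny any log
!
! Step 3: apply it inbound on all 16 lines in the range (0 through 15).
! "transport input ssh" drops Telnet entirely while we are here.
line vty 0 15
 access-class 99 in
 transport input ssh
 exec-timeout 10 0
end
!
! Step 4 (exec mode): from a host inside 10.10.10.0/24, open a NEW ssh
! session to the device. Only after that session succeeds:
reload cancel
show access-lists 99
show line vty 0 15
write memory
```

Two caveats: "access-class" filters only IPv4 sessions, so a device with IPv6 management addresses also needs "ipv6 access-class NAME in" on the same lines; and the VTY ACL does nothing for the other management paths, so the HTTP server ("ip http access-class 99") and any SNMP communities ("snmp-server community ... RO 99") should be restricted to the same list.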
Until next time,
TechStop (JW)