restricting access to vty

NewTecher

Hi,

When we are doing restrictions to vty, which ACL do we use? Named or standard, or we can use all? even extended?

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

shodown

What kinda restrictions. Restricting by acl will only allow a certain subnet or block a subnet.

Do you want only certain people to have access? Or do you want people to only have access from certain locations?

hiddenknight821

NewTecher wrote: »

Hi,

When we are doing restrictions to vty, which ACL do we use? Named or standard, or we can use all? even extended?

I believe you can use all kind, but the extended ACL would be more ideal for a high security environment. In the vty configuration mode, you would have to use "access-class" command there rather than using the "ip access-group" command that you would normally use in Interface configuration mode.

Zartanasaurus

Extended ACL gives you the ability to specify what protocol(s) to filter IE ssh v telnet. Of course, you have telnet turned off already, but you can be very granular and have the ACL only allow ssh connections.