restricting access to vty

NewTecherNewTecher Registered Users Posts: 4 ■□□□□□□□□□
in CCNA & CCENT
Hi,

When we are doing restrictions to vty, which ACL do we use? Named or standard, or we can use all? even extended?
· Share on FacebookShare on Twitter

Comments

  • shodownshodown Member Posts: 2,271
    What kinda restrictions. Restricting by acl will only allow a certain subnet or block a subnet.

    Do you want only certain people to have access? Or do you want people to only have access from certain locations?
    Currently Reading

    CUCM SRND 9x/10, UCCX SRND 10x, QOS SRND, SIP Trunking Guide, anything contact center related
    · Share on FacebookShare on Twitter
  • hiddenknight821hiddenknight821 Member Posts: 1,209 ■■■■■■□□□□
    NewTecher wrote: »
    Hi,

    When we are doing restrictions to vty, which ACL do we use? Named or standard, or we can use all? even extended?

    I believe you can use all kind, but the extended ACL would be more ideal for a high security environment. In the vty configuration mode, you would have to use "access-class" command there rather than using the "ip access-group" command that you would normally use in Interface configuration mode.
    · Share on FacebookShare on Twitter
  • ZartanasaurusZartanasaurus Member Posts: 2,008 ■■■■■■■■■□
    Extended ACL gives you the ability to specify what protocol(s) to filter IE ssh v telnet. Of course, you have telnet turned off already, but you can be very granular and have the ACL only allow ssh connections.
    Currently reading:
    IPSec VPN Design 44%
    Mastering VMWare vSphere 5​ 42.8%
    · Share on FacebookShare on Twitter
Sign In or Register to comment.