Configuring an ACL on VTY Lines (Telnet/SSH)

Video description: Configuring an ACL on VTY Lines (Telnet/SSH)

Welcome to Network Engineer Pro. I'm Rafael, CCIE 64356 in routing and switching.

I'm working on a ton of content (videos, labs and more) to help you learn networking. If you want to stay up to date on what I'm working on and be the first to know, then head to my website where you can sign up and get notified:
➤ https://www.networkengineerpro.com/

If you are new and don't know how SSH works, watch this. It will bring you up to speed.

SSH Tutorial
   • Never use TELNET ! How to configure S...  

In this video I explain and show you how to configure an Access Control List (ACL) and apply it to your VTY Lines (Telnet or SSH).

Configuring SSH is a must. Never use TELNET!
After applying the basic configuration to get SSH up and running, technically anyone with IP reachability to the router or switch can potentially connect to it via SSH. If they have the credentials and malicious intent then they can do whatever they want.

Allowing users to SSH to a network device from any IP can be a security concern for some organizations. To address this, you can restrict who can access the VTY lines on a device by applying an ACL inbound on those VTYs.
You can also control the destinations that the VTYs on a router can reach by applying an access list outbound on the VTYs, but I only focus on inbound in this video.

When you apply an ACL to VTY lines, it's done by using the "access-class" command. You then reference a specific ACL and a particular direction (in or out).

The configuration for the extended access control list I used in this video is:

enable
conf t
ip access-list extended SSH-ACCESS
permit tcp 10.140.1.0 0.0.0.255 any eq 22
deny tcp any any log

I then applied it to line VTY 0 15 on my router by using:

line vty 0 15
access-class SSH-ACCESS in

This allowed SSH from a specific subnet only.
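
A quick way to confirm that every VTY range on a device really carries the inbound access-class, added here as an example (not from the video or the author). It assumes the usual indented running-config layout; the sample config is constructed and shows the ACL applied to vty 0-4 only, so vty 5-15 is left without a source restriction.

```python
import re

# Constructed sample config: the page's ACL, but applied to vty 0-4 only,
# so vty 5-15 has no inbound access-class at all.
SAMPLE_CONFIG = """\
ip access-list extended SSH-ACCESS
 permit tcp 10.140.1.0 0.0.0.255 any eq 22
 deny tcp any any log
!
line vty 0 4
 access-class SSH-ACCESS in
 transport input ssh
line vty 5 15
 transport input ssh
"""

def audit_vty(config):
    """Return {(first, last): finding} for every 'line vty' block."""
    # Names of ACLs defined in this config (named and numbered forms).
    acls = set(re.findall(r"^ip access-list (?:standard|extended) (\S+)", config, re.M))
    acls |= set(re.findall(r"^access-list (\d+) ", config, re.M))
    findings, current = {}, None
    for line in config.splitlines():
        m = re.match(r"line vty (\d+)(?: (\d+))?\s*$", line)
        if m:
            first = int(m.group(1))
            current = (first, int(m.group(2) or first))
            findings[current] = "no inbound access-class"
        elif not line.startswith(" "):
            current = None  # an unindented line ends the vty block
        elif current:
            m = re.match(r"\s+access-class (\S+) in\b", line)
            if m:
                name = m.group(1)
                findings[current] = "ok" if name in acls else f"ACL {name} not defined"
    return findings

def unprotected(config):
    """vty ranges lacking an inbound access-class that names a defined ACL."""
    return sorted(r for r, f in audit_vty(config).items() if f != "ok")

if __name__ == "__main__":
    for rng, finding in audit_vty(SAMPLE_CONFIG).items():
        print("line vty %d %d: %s" % (*rng, finding))
```
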

I hope everyone enjoyed this video. If so, subscribe and let me know in the comments. Have an awesome day everyone, and lab on!

#CCNA #CCNP #CCIE
