- IP Access List Overview
- Access Control Lists Overview and Guidelines
- Creating an IP Access List and Applying It to an Interface
- Creating an IP Access List to Filter
- ACL Syslog Correlation
- Refining an IP Access List
- Displaying and Clearing IP Access List Data Using ACL Manageability
- Object Groups for ACLs
- Controlling Access to a Virtual Terminal Line
- Access List-Based RBSCP
- ACL IP Options Selective Drop
- ACL Authentication of Incoming rsh and rcp Requests
- Configuring Lock-and-Key Security - Dynamic Access Lists
- Configuring IP Session Filtering - Reflexive Access Lists
- IP Access List Entry Sequence Numbering
- Finding Feature Information
- Restrictions for Controlling Access to a Virtual Terminal Line
- Information About Controlling Access to a Virtual Terminal Line
- How to Control Access to a Virtual Terminal Line
- Configuration Examples for Controlling Access to a Virtual Terminal Line
- Where to Go Next
- Additional References
- Feature Information for Controlling Access to a Virtual Terminal Line
Controlling Access to a Virtual Terminal Line
You can control who can access the virtual terminal lines (vtys) to a router by applying an access list to inbound vtys. You can also control the destinations that the vtys from a router can reach by applying an access list to outbound vtys.
- Finding Feature Information
- Restrictions for Controlling Access to a Virtual Terminal Line
- Information About Controlling Access to a Virtual Terminal Line
- How to Control Access to a Virtual Terminal Line
- Configuration Examples for Controlling Access to a Virtual Terminal Line
- Where to Go Next
- Additional References
- Feature Information for Controlling Access to a Virtual Terminal Line
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the Feature Information Table at the end of this document.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Restrictions for Controlling Access to a Virtual Terminal Line
When you apply an access list to a vty (by using the access-class command), the access list must be a numbered access list, not a named access list.
Information About Controlling Access to a Virtual Terminal Line
Benefits of Controlling Access to a Virtual Terminal Line
By applying an access list to an inbound vty, you can control who can access the lines to a router. By applying an access list to an outbound vty, you can control the destinations that the lines from a router can reach.
How to Control Access to a Virtual Terminal Line
Controlling Inbound Access to a vty
Perform this task when you want to control access to a vty coming into the router by using an access list. Access lists are very flexible; this task illustrates one access-list deny command and one access-list permitcommand. You will decide how many of each command you should use and their order to achieve the restrictions you want.
DETAILED STEPS
Controlling Outbound Access to a vty
Perform this task when you want to control access from a vty to a destination. Access lists are very flexible; this task illustrates one access-list deny command and one access-list permitcommand. You will decide how many of each command you should use and their order to achieve the restrictions you want.
When a standard access list is applied to a line with the access-class outcommand, the address specified in the access list is not a source address (as it is in an access list applied to an interface), but a destination address.
DETAILED STEPS
Configuration Examples for Controlling Access to a Virtual Terminal Line
Example Controlling Inbound Access on vtys
The following example defines an access list that permits only hosts on network 172.19.5.0 to connect to the virtual terminal lines 1 through 5 on the router. Because the vty keyword is omitted from the line command, the line numbers 1 through 5 are absolute line numbers.
access-list 12 permit 172.19.5.0 0.0.0.255 line 1 5 access-class 12 in
Example Controlling Outbound Access on vtys
The following example defines an access list that denies connections to networks other than network 171.20.0.0 on terminal lines 1 through 5. Because the vty keyword is omitted from the line command, the line numbers 1 through 5 are absolute line numbers.
access-list 10 permit 172.20.0.0 0.0.255.255 line 1 5 access-class 10 out
Where to Go Next
You can further secure a vty by configuring a password with the password line configuration command. See the password (line configuration) command in the Cisco IOS Security Command Reference.
Additional References
Related Documents
Related Topic |
Document Title |
---|---|
Cisco IOS commands |
|
Configuring a password on a line |
Cisco IOS Security Command Reference |
Standards
Standard |
Title |
---|---|
None |
-- |
MIBs
MIB |
MIBs Link |
---|---|
None |
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: |
RFCs
RFC |
Title |
---|---|
None |
-- |
Technical Assistance
Description |
Link |
---|---|
The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password. |
Feature Information for Controlling Access to a Virtual Terminal Line
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 1 | Feature Information for Controlling Access to a Virtual Terminal Line |
Feature Name |
Releases |
Feature Configuration Information |
---|---|---|
Controlling Access to a Virtual Terminal Line |
12.0(32)S4
|
You can control who can access the virtual terminal lines (vtys) to a router by applying an access list to inbound vtys. You can also control the destinations that the vtys from a router can reach by applying an access list to outbound vtys. |
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2011 Cisco Systems, Inc. All rights reserved.