Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1343
Views
0
Helpful
3
Replies

restrict telnet access for specific users on ios router

Archil Sokhadze
Level 1
Level 1

‎10-08-2012 02:58 AM - edited ‎03-10-2019 07:38 PM

aaa new-model

aaa authentication login default local


username aaa password aaa

username bbb password bbb

user aaa should have ssh and telnet access.

user bbb  is only used for vpn authentication, i dont want him to access router via ssh or telnet ,even in user exec mode.


i also can not  apply access-class on vty lines because i am loging in device from different places ,and dont know exact ranges of ip address to create access-list


radius and tacacs is not option for me


what can be done in order to restrict user bbb from ssh and telnet access ?

Labels:
0 Helpful
3 Replies 3

Richard Burts
Hall of Fame
Hall of Fame

‎10-08-2012 10:13 PM

I have not tested it but it seems to me that something like this might accomplish your requirements

User aaa password aaa privilege 0

HTH

Rick

Sent from Cisco Technical Support iPhone App4F7388

HTH

Rick
0 Helpful

Richard Burts
Hall of Fame
Hall of Fame

‎10-08-2012 10:16 PM

OK. I did not clearly remember the OP description of aaa and bbb. So for bbb to only have VPN access try

User bbb password bbb privilege 0

HTH

Rick

Sent from Cisco Technical Support iPhone App

HTH

Rick
0 Helpful

Archil Sokhadze
Level 1
Level 1

‎10-09-2012 01:11 AM

username bbb privilege 0 password bbb

it doesnot solvs issue.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents