cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1001
Views
0
Helpful
3
Replies

restrict telnet access for specific users on ios router

aaa new-model

aaa authentication login default local


username aaa password aaa

username bbb password bbb

user aaa should have ssh and telnet access.

user bbb  is only used for vpn authentication, i dont want him to access router via ssh or telnet ,even in user exec mode.


i also can not  apply access-class on vty lines because i am loging in device from different places ,and dont know exact ranges of ip address to create access-list


radius and tacacs is not option for me


what can be done in order to restrict user bbb from ssh and telnet access ?

3 REPLIES 3
Highlighted
Hall of Fame Master

Re: restrict telnet access for specific users on ios router

I have not tested it but it seems to me that something like this might accomplish your requirements

User aaa password aaa privilege 0

HTH

Rick

Sent from Cisco Technical Support iPhone App4F7388

HTH

Rick
Highlighted
Hall of Fame Master

Re: restrict telnet access for specific users on ios router

OK. I did not clearly remember the OP description of aaa and bbb. So for bbb to only have VPN access try

User bbb password bbb privilege 0

HTH

Rick

Sent from Cisco Technical Support iPhone App

HTH

Rick
Highlighted

Re: restrict telnet access for specific users on ios router

username bbb privilege 0 password bbb

it doesnot solvs issue.