How to restrict Telnet access to or from a Cisco router

TCC_2 · ‎06-22-2009

Core Issue

Users can access the Cisco router's Command-Line Interface (CLI) through Telnet by using vty sessions available on the router. Users can also Telnet to other devices from a Cisco router.

A router configured to restrict devices from which it is accessed through Telnet is known as the inbound Telnet access. A router configured to restrict devices from which a user can Telnet from the router is known as the outbound Telnet access.

Resolution

To specify devices to be denied or permitted, configure an Access Control List (ACL) in global configuration mode. A standard ACL is usually used for this purpose. Issue the access-list access-list-number {deny | permit} source [source-wildcard] command.

Perform these options:

To restrict inbound Telnet access for vty sessions, issue the access-class access-list-number in command in line configuration mode. Set identical restrictions on all virtual terminal lines because a user can connect to any of them.
To restrict outbound Telnet access for vty sessions, issue the access-class access-list-number out command in line configuration mode.


This command can also be issued on the console and on other async lines available on the router.

For more information, refer to the Controlling Access to a Line or Interface section of Configuring IP Services.

anitagaur · ‎05-03-2010

I configured mobile ip on Cisco 3745 router and see that a mobile subscriber can telnet to the router. Will an access-list configured on vty lines to block mobile subscriber IP range restrict the telnet access?