06-18-2013 03:32 AM - edited 03-03-2019 07:06 AM
Router 2900, I need to block SSH on one interface. Please help me.
06-18-2013 10:52 AM
Hello Manoj,
This could be done with an ACL, and it should not go on an interface; it should be applied on the VTY lines.
For example, if you only want to allow SSH access from 172.16.1.0/24 and block other requests (like Telnet), try the following.
R1(config)#ip access-list extended VTY_ACCESS
R1(config-ext-nacl)#10 permit tcp 172.16.1.0 0.0.0.255 any eq 22
R1(config-ext-nacl)#500 deny ip any any log
R1(config-ext-nacl)#line vty 0 4
R1(config-line)#access-class VTY_ACCESS in
R1(config-line)#end
R1#
The way you are asking is possible too; you could try the following:
R1(config)#ip access-list extended VTY_ACCESS
R1(config-ext-nacl)#10 deny tcp any any eq 22
R1(config-ext-nacl)#20 permit ip any any
R1(config-ext-nacl)#interface
R1(config-if)#ip access-group VTY_ACCESS in
R1(config-if)#end
R1#
This would block all SSH requests entering the interface where it's been applied.
Regards.
Please don't forget to rate helpful posts.
06-24-2013 04:18 AM
I am trying with the second command line. It is taken, but it is not blocking SSH or Telnet, so please help me with this.
06-24-2013 10:49 AM
Hi,
For example, suppose you want to block SSH on f0/0 (with IP address x.x.x.x)
ip access-list extended NO_SSH
deny tcp any host x.x.x.x eq ssh
permit ip any any
int f0/0
ip access-group NO_SSH in
Rem: don't forget to add other IPs on the router in deny statements before the permit ip any any
other solution:
let's suppose IP subnet coming into f0/0 is 10.0.0.0/24
access-list 1 deny 10.0.0.0 0.0.0.255
access-list 1 permit any
line vty 0 4
access-class 1 in
The same remark is applicable for this solution.
Regards
Alain
Don't forget to rate helpful posts.
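An added example, not part of any post in this thread: a small Python model of how IOS evaluates an extended ACL (top-down, first match wins, implicit deny at the end), run over the NO_SSH list above. The addresses are constructed (192.0.2.1 stands in for x.x.x.x on f0/0, 198.51.100.1 for a second address on the router), and the model covers only the permit/deny forms that appear in this thread.

```python
from ipaddress import IPv4Address as IP

PORTS = {"ssh": 22, "telnet": 23}  # IOS port keywords used in this model

def take_addr(tok):
    """Consume one address spec: any | host A | A WILDCARD -> (base, wildcard)."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(IP(tok.pop(0))), 0
    return int(IP(first)), int(IP(tok.pop(0)))

def parse_ace(line):
    tok = line.split()
    if tok[0].isdigit():
        tok.pop(0)  # optional sequence number
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = take_addr(tok), take_addr(tok)
    port = (PORTS.get(tok[1]) or int(tok[1])) if tok[:1] == ["eq"] else None
    return action, proto, src, dst, port  # a trailing "log" is ignored

def addr_ok(spec, addr):
    base, wild = spec  # wildcard bits set to 1 are "don't care"
    return (int(IP(addr)) | wild) == (base | wild)

def evaluate(acl, proto, src, dst, dport):
    """Top-down, first match wins; no match hits the implicit deny."""
    for action, a_proto, a_src, a_dst, a_port in map(parse_ace, acl):
        if (a_proto in ("ip", proto) and addr_ok(a_src, src)
                and addr_ok(a_dst, dst) and a_port in (None, dport)):
            return action
    return "deny"

# Constructed addresses: F0_0 stands in for x.x.x.x, OTHER_IF for a second
# address on the router, WEB for a host beyond it.
F0_0, OTHER_IF, CLIENT, WEB = "192.0.2.1", "198.51.100.1", "10.0.0.5", "203.0.113.80"
NO_SSH = [f"deny tcp any host {F0_0} eq ssh", "permit ip any any"]
NO_SSH_ALL = [NO_SSH[0], f"deny tcp any host {OTHER_IF} eq ssh", "permit ip any any"]

def check(acl):
    """Verdicts for SSH to each router address and for transit web traffic."""
    return {"ssh_f0_0": evaluate(acl, "tcp", CLIENT, F0_0, 22),
            "ssh_other": evaluate(acl, "tcp", CLIENT, OTHER_IF, 22),
            "web_transit": evaluate(acl, "tcp", CLIENT, WEB, 80)}

if __name__ == "__main__":
    print(check(NO_SSH), check(NO_SSH_ALL), sep="\n")
```

With only the single deny, SSH to the second router address is still permitted; that is the gap the remark about adding the router's other IPs closes.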
07-02-2013 12:02 AM
I used all of these commands, but it is not blocking SSH, or sometimes it will block the internet. Please do the needful.
07-02-2013 07:01 AM
Manoj,
Can you please provide us the configuration of your device?
Regards
Inayath