cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
320
Views
0
Helpful
4
Replies
roncro
Participant

Cisco 2900 disabling ssh/telnet etc on gi0/0

Hello,

 

is there a way to disable ssh/telnet etc on gi/0/0 on a Cisco 2900 series router?

 

I have a lot of attempted connects like "%SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection from 94.182.191.167"

 

From countries that rhyme with china, iran etc.

 

thanks,

 

Ron

4 REPLIES 4
Gucamole
Beginner

You can configure a simple standard ACL and permit IPs of hosts you want to allow the ssh from and deny everything else. You will just have to call the ACL in line vty.

well,  it's on the port that connects to the WAN side of the router, and I don't think anything/one should be able to connect to it. 

 

What would a simple ACL  to do that look like?

 

thanks,

 

Ron

Deepak Kumar
VIP Advocate

You can configure simple ACL as:

 

access-list 1 permit host x.x.x.x

!

line vty 0 4

access-class 1 in

 

here: X.X.X.X is your management server IP address.

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

A standard acl applied using access-class on vty is certainly one solution. If G0/0 is the Internet facing Interface then perhaps it already has a screening acl applied and if so then there is the option to add statements denying inbound telnet and ssh. 

HTH

Rick