Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1281
Views
0
Helpful
4
Replies

Cisco 2900 disabling ssh/telnet etc on gi0/0

roncro
Level 3
Level 3

‎05-02-2020 03:56 PM

Hello,

 

is there a way to disable ssh/telnet etc on gi/0/0 on a Cisco 2900 series router?

 

I have a lot of attempted connects like "%SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection from 94.182.191.167"

 

From countries that rhyme with china, iran etc.

 

thanks,

 

Ron

Labels:
0 Helpful
4 Replies 4

Gucamole
Level 1
Level 1

‎05-02-2020 04:05 PM

You can configure a simple standard ACL and permit IPs of hosts you want to allow the ssh from and deny everything else. You will just have to call the ACL in line vty.

0 Helpful

roncro
Level 3
Level 3
In response to Gucamole

‎05-02-2020 04:31 PM

well,  it's on the port that connects to the WAN side of the router, and I don't think anything/one should be able to connect to it. 

 

What would a simple ACL  to do that look like?

 

thanks,

 

Ron

0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni

‎05-02-2020 08:57 PM

You can configure simple ACL as:

 

access-list 1 permit host x.x.x.x

!

line vty 0 4

access-class 1 in

 

here: X.X.X.X is your management server IP address.

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Deepak Kumar

‎05-03-2020 07:32 AM

A standard acl applied using access-class on vty is certainly one solution. If G0/0 is the Internet facing Interface then perhaps it already has a screening acl applied and if so then there is the option to add statements denying inbound telnet and ssh. 

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card