05-02-2020 03:56 PM
Hello,
Is there a way to disable ssh/telnet etc on gi/0/0 on a Cisco 2900 series router?
I have a lot of attempted connects like "%SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection from 94.182.191.167"
From countries that rhyme with China, Iran etc.
Thanks,
Ron
05-02-2020 04:05 PM
You can configure a simple standard ACL and permit IPs of hosts you want to allow the ssh from and deny everything else. You will just have to call the ACL in line vty.
05-02-2020 04:31 PM
Well, it's on the port that connects to the WAN side of the router, and I don't think anything/one should be able to connect to it.
What would a simple ACL to do that look like?
Thanks,
Ron
05-02-2020 08:57 PM
You can configure a simple ACL as:
access-list 1 permit host x.x.x.x
!
line vty 0 4
 access-class 1 in
Here, x.x.x.x is your management server IP address.
05-03-2020 07:32 AM
A standard ACL applied using access-class on vty is certainly one solution. If G0/0 is the Internet-facing interface, then perhaps it already has a screening ACL applied, and if so, then there is the option to add statements denying inbound telnet and ssh.
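The two approaches from the replies above, combined in one configuration. This is an added example, not part of the original thread: the ACL name WAN-IN, the management host 192.0.2.10 and the interface name GigabitEthernet0/0 are assumptions to be replaced with the router's own values.

```cisco
! --- Layer 1: restrict who may open a management session (vty access-class) ---
! 192.0.2.10 is a constructed management host address (assumption).
access-list 1 remark hosts allowed to manage this router
access-list 1 permit host 192.0.2.10
access-list 1 deny   any log
!
line vty 0 4
 access-class 1 in
 ! Accept SSH only, so telnet is refused even from permitted hosts.
 transport input ssh
! If the running config shows more vty lines (for example "line vty 5 15"),
! apply the same access-class and transport input there as well.
!
! --- Layer 2: drop SSH/telnet at the Internet-facing interface ---
! WAN-IN is a hypothetical ACL name. If the interface already has an inbound
! ACL, add the two deny lines to that ACL ahead of its permit statements
! instead of attaching a second one.
ip access-list extended WAN-IN
 remark no inbound management protocols from the Internet
 deny   tcp any any eq 22 log
 deny   tcp any any eq telnet log
 ! Everything else is left exactly as it was before this ACL existed.
 permit ip any any
!
interface GigabitEthernet0/0
 ip access-group WAN-IN in
```

The interface ACL also drops SSH and telnet destined for inside hosts reached through this interface, so any intentional port forward on 22 or 23 needs its own permit line above the deny lines. Apply the change from a console or inside-interface session so that a mistake in the permitted host does not cut off the session used to configure it.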