04-28-2012 01:24 AM - edited 03-04-2019 04:11 PM
Hi
Two users are locally created on cisco 2801 router and need to restrict ssh access to a specific user only and one public ip.
username cisco password cisco
username cisco1 password 123456
public ip 123.123.123.123
Can anyone guide me
cheers
Paul
04-28-2012 01:38 AM
Hi Paul ,
I do not think that you can do it per user, but globaly. You can try :
ip access-l stan VTY
permit host 123.123.123.123
line vty 0 15
transport input ssh
access-class VTY in
The access-list should contain all the IPs where you accept the remote connections.
The "transport input" will set the permited input management connections, on VTYs.
Dan
04-28-2012 02:04 AM
I knew for IP restrictive access but restrictive access for username I am not aware
04-28-2012 04:32 AM
You can use a Radius server that. When it sees the request coming from certain networks for a certain username, it will allow or deny access.
That will require writing some advanced radius config, and in practice is probably not a real necessity.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide