10-07-2012 02:22 PM - edited 03-07-2019 09:19 AM
Hi. I want to limit SSH access without an ACL. That is, for example, I have 2 PCs (pc1, pc2): I want pc1 to be able to SSH to the router, but pc2 not to be able to SSH to the router?
10-07-2012 02:51 PM
It is strange that you do not want to use an access-group; that is the easy way.
The only other way I can think of is to have the management IP on a different subnet and then add a second IP to the PC that should have access.
10-07-2012 06:55 PM
Hello,
You can use a local username and password on the router, or an authentication, authorization, and accounting (AAA) server that runs TACACS+ or RADIUS, to connect to the router.
Hope this will help.
Thanks
10-07-2012 11:28 PM
Hi Sahar,
It is best and easiest to use an ACL to restrict access for other users.
I will look around for how to restrict SSH without using an ACL.
But until then you can try this, if you want:
By ACL:
! Standard ACL (1-99): matches on the source address only
access-list 5 permit (Hostname) 0.0.0.0
access-list 5 deny any
Then apply it to the line vty:
line vty 0 4
 ! Only allow ssh
 transport input ssh
 ! Apply our access list for incoming connections
 access-class 5 in
 ! Finally, apply an exec-timeout, which will disconnect an idle connection
 ! The timeout is 10 minutes and 0 seconds
 exec-timeout 10 0
Regards
Please rate if it helps.
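A way to check a saved running-config for the vty settings shown in the post above (SSH-only transport, an inbound access-class that points at a defined ACL, an idle timeout that is not disabled). This is an added example, not part of the original thread; the sample config, the addresses in it, and the function names `vty_stanzas` and `audit_vty` are constructed for illustration.

```python
import re

# Constructed sample running-config (addresses and layout are illustrative).
SAMPLE_CONFIG = """\
access-list 5 permit 192.0.2.10 0.0.0.0
access-list 5 deny any
line vty 0 4
 access-class 5 in
 exec-timeout 10 0
 transport input ssh
line vty 5 15
 access-class 7 in
 exec-timeout 0 0
 transport input telnet ssh
"""

def vty_stanzas(config):
    """Map each 'line vty ...' header to the indented commands under it."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = stanzas.setdefault(raw.strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # any other unindented line closes the stanza
    return stanzas

def audit_vty(config):
    """Return {header: [findings]}; an empty list means all checks passed."""
    acls = set(re.findall(r"^access-list (\S+) ", config, re.M))
    report = {}
    for header, cmds in vty_stanzas(config).items():
        found = []
        transport = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        if not transport or transport[-1] != ["ssh"]:
            found.append("transport input is not ssh-only")
        classes = [c.split()[1] for c in cmds if re.match(r"access-class \S+ in\b", c)]
        if not classes:
            found.append("no inbound access-class")
        elif classes[-1] not in acls:
            found.append(f"access-class {classes[-1]} is not defined in this config")
        for c in cmds:  # exec-timeout 0 0 disables the idle disconnect
            if c.startswith("exec-timeout") and set(c.split()[1:]) == {"0"}:
                found.append("idle timeout disabled")
        report[header] = found
    return report

if __name__ == "__main__":
    print(audit_vty(SAMPLE_CONFIG))
```

Only numbered `access-list` definitions are recognised here; a stanza with no `transport input` line is reported as not SSH-only, which is an assumption about how strictly the config should be read.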
10-08-2012 02:26 AM
Hi,
You could try using an MQC policy dropping SSH access from the MAC address of PC2.
class-map BLOCKED_SSH
 ! Both match statements must be true (class-maps default to match-all)
 match source-address mac xxxx.xxxx.xxxx
 match protocol ssh
policy-map BLOCK_SSH
 class BLOCKED_SSH
  drop
int x/x
 ! Attach the policy-map by its own name (BLOCK_SSH)
 service-policy input BLOCK_SSH
Regards.
Alain
Don't forget to rate helpful posts.