10-07-2012 02:22 PM - edited 03-07-2019 09:19 AM
Hi. I want to limit SSH access without an ACL. For example, I have 2 PCs (PC1, PC2). I want PC1 to be able to SSH to the router, but PC2 should not be able to SSH to the router.
10-07-2012 02:51 PM
It is strange that you do not want to use an access-group; that is the easy way.
The only other way I can think of is to have the management IP on a different subnet and then add a second IP to the PC that should have access.
10-07-2012 06:55 PM
Hello,
You can use a local username and password on the router or with an authentication, authorization, and accounting (AAA) server that runs TACACS+ or RADIUS to connect to the router.
Hope this will help.
Thanks
10-07-2012 11:28 PM
Hi Sahar,
It is best and easiest to use an ACL to restrict access for other users.
I will look around for how to restrict SSH without using an ACL.
But until then you can try this, if you want:
By ACL:
access-list 5 permit (Hostname) 0.0.0.0
access-list 5 deny any
Then apply it to the line vty:
line vty 0 4
 ! Only allow ssh
 transport input ssh
 ! Apply our access list for incoming connections
 access-class 5 in
 ! Finally, apply an exec-timeout, which will disconnect an idle connection
 ! The timeout is 10 minutes and 0 seconds
 exec-timeout 10 0
Regards
Please rate if it helps.
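A check for the VTY settings in the post above, as an added example that is not part of the original thread: a short Python audit that parses a running-config excerpt and reports VTY lines lacking `transport input ssh`, an inbound `access-class`, or an idle timeout. The sample config and its address are constructed, the function names are hypothetical, and only numbered ACLs are recognized.

```python
import re

# Constructed sample running-config excerpt (not from the thread).
SAMPLE_CONFIG = """\
access-list 5 permit 192.0.2.10 0.0.0.0
access-list 5 deny any
line vty 0 4
 transport input ssh
 access-class 5 in
 exec-timeout 10 0
line vty 5 15
 transport input telnet ssh
 exec-timeout 0 0
"""

def parse_vty_blocks(config):
    """Return {"line vty a b": [sub-commands]} for every VTY block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other non-indented line closes the block
    return blocks

def audit_vty(config):
    """Map each VTY block to the list of hardening gaps found in it."""
    # Assumption: numbered ACLs only ("access-list <n> ..."), as in the post.
    defined_acls = set(re.findall(r"^access-list (\d+) ", config, re.M))
    report = {}
    for header, cmds in parse_vty_blocks(config).items():
        issues = []
        transports = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        if transports != [["ssh"]]:
            issues.append("transport input is not restricted to ssh")
        acls = [c.split()[1] for c in cmds if re.fullmatch(r"access-class \S+ in", c)]
        if not acls:
            issues.append("no inbound access-class")
        elif acls[0] not in defined_acls:
            issues.append(f"access-class {acls[0]} references an undefined ACL")
        timeout = [c.split()[1:] for c in cmds if c.startswith("exec-timeout")]
        if timeout and all(int(t) == 0 for t in timeout[0]):
            issues.append("exec-timeout disabled")
        report[header] = issues
    return report
```

Calling `audit_vty(SAMPLE_CONFIG)` returns an empty list for `line vty 0 4` and three findings for `line vty 5 15`, the range that the `line vty 0 4` configuration alone leaves uncovered.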
10-08-2012 02:26 AM
Hi,
You could try using an MQC policy dropping SSH access from the MAC address of PC2.
class-map BLOCKED_SSH
 match source-address mac xxxx.xxxx.xxxx
 match protocol ssh
policy-map BLOCK_SSH
 class BLOCKED_SSH
  drop
int x/x
 service-policy input BLOCK_SSH
Regards.
Alain
Don't forget to rate helpful posts.