09-28-2015 07:24 PM - edited 03-08-2019 01:58 AM
I want to prohibit our local users from using a laptop and PuTTY to log on to the router and access point, even if they know the user ID/password. How can I do this?
When they try, it should say "connection refused".
But only the two IT network admins should be allowed to log in to the router and AP. But my IT admins and business users are in the same VLAN 60.
09-29-2015 01:06 AM
Hi
As an option, you could block them on your VTY access list: deny their specific host IP address. Even if they have a password, they won't be able to access it, as the IP is not allowed into the router, so they won't even reach the login.
Example based on SSH; change to 23 if using Telnet:
line vty 0 4
 access-class 125 in
access-list 125 remark VTY restricted access list
! block the user
access-list 125 deny tcp host 10.1.1.16 any eq 22
! allow other user
access-list 125 permit tcp host 10.1.1.21 any eq 22
access-list 125 deny ip any any log
09-29-2015 02:10 AM
No, we are using Windows DHCP. Can it be blocked by computer name, like WJPN001, WJPN002...?
The users are on a Wi-Fi AP, so the IP changes every time.
Also, this is only implemented on the router.
How can this be done on a lightweight AP and switch?
09-29-2015 06:53 PM
Hi,
Create a jumpbox and only allow the jumpbox to access the routers/switches via the access list. A jumpbox is a PC that Network Admins need to log into to manage the network devices.
Thanks
John
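One way to check that the restriction described in the answers above is actually in force, as an added example that is not part of the original thread: a Python audit over a saved IOS configuration that reports vty lines with no inbound access-class and ACL permit entries for sources other than the approved management hosts. The jumpbox address 10.1.1.50, the sample configuration and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample configuration (not from the thread). The jumpbox
# address 10.1.1.50 and the wide subnet entry are assumptions.
SAMPLE_CONFIG = """\
access-list 125 remark VTY restricted access list
access-list 125 permit tcp host 10.1.1.50 any eq 22
access-list 125 permit tcp 10.1.1.0 0.0.0.255 any eq 22
access-list 125 deny ip any any log
line vty 0 4
 access-class 125 in
 transport input ssh
line vty 5 15
 transport input ssh
"""

PERMIT = r"^access-list {} permit \S+ (host \S+|any|\S+ \S+)"

def permitted_sources(config, acl):
    """Sources that a numbered extended ACL permits, in config order."""
    pattern = re.compile(PERMIT.format(re.escape(acl)), re.M)
    found = [m.group(1) for m in pattern.finditer(config)]
    return [s[5:] if s.startswith("host ") else s for s in found]

def audit_vty(config, allowed_hosts):
    """Findings for vty lines reachable from outside allowed_hosts."""
    findings = []
    # A stanza is one unindented line plus the indented lines below it.
    for stanza in re.split(r"^(?=\S)", config, flags=re.M):
        if not stanza.startswith("line vty"):
            continue
        header = stanza.splitlines()[0]
        m = re.search(r"^ +access-class (\S+) in\b", stanza, re.M)
        if not m:
            findings.append(f"{header}: no inbound access-class")
            continue
        for src in permitted_sources(config, m.group(1)):
            if src not in allowed_hosts:
                findings.append(f"{header}: ACL {m.group(1)} permits {src}")
    return findings

if __name__ == "__main__":
    for finding in audit_vty(SAMPLE_CONFIG, {"10.1.1.50"}):
        print(finding)
```

On the constructed sample, the audit flags the subnet-wide permit on vty 0 4 and the unprotected vty 5 15 range, the two gaps that would let a non-admin host reach the login prompt.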