cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
mr_duck
New Contributor

How can I restrict access to GUI to local users only?

Jump to solution

Hi. I have a Netvanta 1335, and I've got it configured to provide bridging between the big internet and my local network. I have a /26 allocated, and I wish to provide unfiltered access (that is, no firewall, with users behind the Netvanta having public IP addresses,) ideally NOT by natting from (for example) 67.1.2.3 > 10.10.10.40, but rather letting user Joe actually assign a static IPv4 address of 67.1.2.3.

I have therefore *disabled* the firewall feature in the Netvanta 1335. However, now the router's IP address and the GUI are both accessable at a public IP address. I would ideally like to be able to telnet and access the GUI ONLY from devices that are attached on the "inside" (my private LAN, connected to Switchport ETH 0/2 or something like that.)

I dont' have any ACLS or ALGs set up. I do understand there are probably several ways to do this, but I'm not really sure how to evaluate the different methods (eg, one way would be to firewall everything off, but specifically open bi-drectional access to 67.1.2.3, 67.1.2.4, etc) - That is in fact how I've done this on the "little" Adtran 2054 I have on my home LAN, but the 1335 seems quite different)

I know just enough about AOS to be dangerous to myself and my client (that is, I am a geek but I know nothing about how to do this!)

Can anybody help? Thanks in advance!

0 Kudos
1 Solution

Accepted Solutions
jayh
Honored Contributor
Honored Contributor

Re: How can I restrict access to GUI to local users only?

Jump to solution

Here's how I would do it - syntax may vary slightly depending on whether your AOS supports IPv6.

ip access-list standard admin-access

   permit 67.1.2.0 0.0.0.63

http ip access-class admin-access in

http ip secure-access-class admin-access in

line telnet 0 4

   ip access-class admin-access in

line ssh 0 4

   ip access-class admin-access in

snmp-server community itsasecret ro ip access-class admin-access

Best to do this from the console in case you lock yourself out with a typo. 

View solution in original post

0 Kudos
5 Replies
jayh
Honored Contributor
Honored Contributor

Re: How can I restrict access to GUI to local users only?

Jump to solution

Here's how I would do it - syntax may vary slightly depending on whether your AOS supports IPv6.

ip access-list standard admin-access

   permit 67.1.2.0 0.0.0.63

http ip access-class admin-access in

http ip secure-access-class admin-access in

line telnet 0 4

   ip access-class admin-access in

line ssh 0 4

   ip access-class admin-access in

snmp-server community itsasecret ro ip access-class admin-access

Best to do this from the console in case you lock yourself out with a typo. 

View solution in original post

0 Kudos
mr_duck
New Contributor

Re: How can I restrict access to GUI to local users only?

Jump to solution

Wow, thanks for the reply!

Quick question (I will post on the board too, but I have to log in to

do that..)

What do these commands in your script do? What does "0 4" refer to?

line telnet 0 4

ip access-class admin-access in

line ssh 0 4

ip access-class admin-access in

Thanks!

/Larry Honig

Quoting jayh <adtran@adtran.hosted.jivesoftware.com>:

jayh created the discussion

"How can I restrict access to GUI to local users only?"

To view the discussion, visit:

https://supportforums.adtran.com/message/9098#9098

>

jayh
Honored Contributor
Honored Contributor

Re: How can I restrict access to GUI to local users only?

Jump to solution

mr.duck wrote:



What do these commands in your script do? What does "0 4" refer to?




line telnet 0 4


   ip access-class admin-access in


line ssh 0 4


   ip access-class admin-access in




Telnet and SSH are standard and encrypted means to log in to the unit via command-line, respectively.  Each method supports up to five simultaneous login sessions numbered 0 through 4.  (Real hackers start counting with 0.)  These commands limit the access to the command line interface to the addresses in the ACL.

mr_duck
New Contributor

Re: How can I restrict access to GUI to local users only?

Jump to solution

Heh. I do know about 0-base indices, ssh and telnet. I did not know

about the 5 session limit, nor that you could control individual

sessions per protocol. Thank you!

Quoting jayh <adtran@adtran.hosted.jivesoftware.com>:

jayh created the discussion

"How can I restrict access to GUI to local users only?"

To view the discussion, visit:

https://supportforums.adtran.com/message/9099#9099

>

Anonymous
Not applicable

Re: How can I restrict access to GUI to local users only?

Jump to solution

-

I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post to unmark it and select another in its place with the applicable buttons.  If you have any additional information on this that others may benefit from, please come back to this post to provide an update.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

Thanks,

Noor