eborisov
New Contributor II

Trying to block ssh, telnet, http to NetVanta4305.

I am trying to implement an ACL, or maybe some other method, on the NetVanta4305 so that only my internal subnet can connect to the unit for administrative purposes. This is a public-facing router. I am a bit lost between the hardware ACL, IP ACL and the firewall. The firewall is not running and is not needed on this unit.

How would I implement such a simple thing (I would think)?

Thank you

Eugene

jayh
Honored Contributor

Re: Trying to block ssh, telnet, http to NetVanta4305.

ip access-list standard admin-access

  permit [internal-network] [wildcard-mask]

  permit [second internal network] [wildcard-mask]

  [etc...]

line ssh 0 4

access-class admin-access in

!

line telnet 0 4

access-class admin-access in

!

http ip access-class admin-access in

!

http ip secure-access-class admin-access in

!

Example of a wildcard mask for an internal network; this can be tricky if you aren't familiar with it:

permit 192.168.1.0 0.0.0.255

Subtract each octet of a regular netmask from 255 and you're good to go.

For some versions of AOS the "ip" keyword is missing from the http commands; just use:

http access-class admin-access in

http secure-access-class admin-access in


if it gives you an error.
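An added example, not part of the reply above: a small Python helper that turns CIDR subnets into the `permit` lines with their wildcard masks, builds the `admin-access` configuration shown in the reply, and checks which source addresses the list would admit before it is applied to the router. The subnet `10.20.0.0/22` and the test addresses are constructed, and the implicit deny at the end of the list is an assumption.

```python
import ipaddress

def permit_line(cidr):
    """'192.168.1.0/24' -> '  permit 192.168.1.0 0.0.0.255'."""
    # strict=True raises ValueError when host bits are set (e.g. 192.168.1.5/24),
    # which catches a mistyped network address before it reaches the router.
    net = ipaddress.ip_network(cidr, strict=True)
    # hostmask is the netmask with every octet subtracted from 255.
    return f"  permit {net.network_address} {net.hostmask}"

def acl_entries(cidrs):
    """(address, wildcard) pairs as they would appear in the standard ACL."""
    return [tuple(permit_line(c).split()[1:]) for c in cidrs]

def acl_permits(entries, source):
    """Evaluate the list top-down; assumed implicit deny when nothing matches."""
    src = int(ipaddress.IPv4Address(source))
    for addr, wildcard in entries:
        # A 0 bit in the wildcard means "this bit must match the entry's address".
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if (src & care) == (int(ipaddress.IPv4Address(addr)) & care):
            return True
    return False

def build_config(cidrs, name="admin-access"):
    """Assemble the ACL plus the ssh/telnet/http bindings from the reply."""
    lines = [f"ip access-list standard {name}"]
    lines += [permit_line(c) for c in cidrs]
    for proto in ("ssh", "telnet"):
        lines += [f"line {proto} 0 4", f"access-class {name} in", "!"]
    lines += [f"http ip access-class {name} in", "!",
              f"http ip secure-access-class {name} in", "!"]
    return "\n".join(lines)

if __name__ == "__main__":
    subnets = ["192.168.1.0/24", "10.20.0.0/22"]   # constructed sample input
    print(build_config(subnets))
    entries = acl_entries(subnets)
    # Constructed source addresses: two internal hosts, two that must be refused.
    for ip in ("192.168.1.50", "10.20.3.9", "10.20.4.1", "203.0.113.7"):
        verdict = "permit" if acl_permits(entries, ip) else "deny"
        print(f"{ip:15} {verdict}")
```

Running the check with the address of your own management workstation before pasting the configuration helps avoid locking yourself out of the unit.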