eborisov
New Contributor II

Trying to block ssh, telnet, http to NetVanta4305.

I am trying to implement an ACL or maybe some other method on the NetVanta4305 so no one but my internal subnet can connect to the unit for administrative purposes. This is a public-facing router. I am a bit lost with the hardware ACL, IP ACL and the firewall. The firewall is not running and not needed on this unit.

How would I implement such a simple thing (I would think)?

Thank you

Eugene

jayh
Honored Contributor

Re: Trying to block ssh, telnet, http to NetVanta4305.

ip access-list standard admin-access
  permit [internal-network] [wildcard-mask]
  permit [second internal network] [wildcard-mask]
  [etc...]
!
line ssh 0 4
  access-class admin-access in
!
line telnet 0 4
  access-class admin-access in
!
http ip access-class admin-access in
!
http ip secure-access-class admin-access in
!

Example of a wildcard mask for an internal network; this can be tricky if you aren't familiar with it.

permit 192.168.1.0 0.0.0.255

Subtract each octet of a regular netmask from 255 and you're good to go.

For some versions of AOS the "ip" keyword is missing from the http commands, just use:

http access-class admin-access in
http secure-access-class admin-access in

if it gives you an error.
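
An added example, not part of jayh's reply: a small Python helper that builds the permit lines of the admin-access list from internal subnets using the "subtract each octet from 255" rule, then checks which source addresses those lines would let through. The subnets and test addresses are constructed samples, and treating an address that matches no permit line as refused is an assumption of this sketch.

```python
import ipaddress

def permit_line(subnet: str) -> str:
    """Build one 'permit <network> <wildcard>' entry from CIDR or net/netmask."""
    # strict=True raises ValueError if host bits are set (e.g. 192.168.1.5/24),
    # which catches a mistyped network address before it reaches the router.
    net = ipaddress.IPv4Network(subnet, strict=True)
    # The rule from the reply: subtract each netmask octet from 255.
    wildcard = ".".join(str(255 - octet) for octet in net.netmask.packed)
    return f"permit {net.network_address} {wildcard}"

def admin_acl(subnets, name="admin-access"):
    """Render the standard ACL shown in the reply for a list of subnets."""
    lines = [f"ip access-list standard {name}"]
    lines += [f"  {permit_line(s)}" for s in subnets]
    return "\n".join(lines)

def acl_permits(acl_text: str, source: str) -> bool:
    """Check a source address against the permit lines of the rendered ACL.
    Assumption: an address that matches no permit line is refused."""
    src = int(ipaddress.IPv4Address(source))
    for line in acl_text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "permit":
            base = int(ipaddress.IPv4Address(parts[1]))
            wild = int(ipaddress.IPv4Address(parts[2]))
            # Bits set to 1 in the wildcard are ignored; the rest must match.
            if ((src ^ base) & ~wild & 0xFFFFFFFF) == 0:
                return True
    return False

# Constructed sample subnets, not taken from the original post.
SAMPLE_ACL = admin_acl(["192.168.1.0/24", "10.20.0.0/255.255.252.0"])

if __name__ == "__main__":
    print(SAMPLE_ACL)
    for ip in ("192.168.1.77", "10.20.3.9", "10.20.4.1", "203.0.113.10"):
        print(ip, "permit" if acl_permits(SAMPLE_ACL, ip) else "deny")
```

Checking a few addresses just inside and just outside each subnet before pasting the lines into the router is a quick way to catch a wildcard mask that is wider than intended.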