Solved

Cisco 2811 telnet/ssh

Posted on 2013-06-18
4
1,654 Views
Last Modified: 2013-06-28
Hello i need a reminder on how to configure telnet/ssh to remotely administer a router via its outside interface configured with a public IP...

is this all i need?

=========================
access-list 1 permit any any


line vty 0 4
 access-class 1 in
 privilege level 15
 password xxxxxxxxxxxxx
 login
 transport input all

==========================
0
Comment
Question by:lurezero
4 Comments
 
LVL 4

Expert Comment

by:MarcusSjogren
ID: 39257592
Hi,

Not sure about "access-class 1 in" but other than that - yea, its all you need for basic telnet access.
You can also define authentication-groups etc to authenticate against radius servers etc.
0
 
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 150 total points
ID: 39257626
Well, the "privilege 15" isn't mandatory. It just lets you bypass having to manually get to privileged mode.

And I'm assuming that you have an access-list 1 that is permitting a specific IP address (or network) that is allowed to log in to the router.

If so, you're all set. I would probably change the "transport input all" to "transport input ssh telnet". No need to open up every service if you're not using it.
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 39258443
You may want to re-evaluate applying acl permitting any any on a public interface?

Using an inside private IP should suffice. You just need to configure static NAT to that IP on port 23 (telnet),

I also would not recommend running a telnet session (unsecure - plain text transmission) over the internet.

Consider SSH (port 22)
0
 
LVL 12

Accepted Solution

by:
ryan80 earned 350 total points
ID: 39260309
that is fine for telnet but there is other work that needs to be done for ssh.

you need to make sure that your router has a hostname

#hostname whatever

You need to configure the ip domain name

#ip domain-name whatever.com

you need to generate the rsa key

#crypto key generate rsa

you will need to have a username and password for ssh to work I always use a global username and password or aaa, but i believe that you can just define it under the line vty as well.

# username whatevername password whateverpassword
under line vty # login LOCAL


Now ssh should work as well.
http://www.trainsignal.com/blog/configure-secure-shell-ssh-on-cisco-router
0

Featured Post

Active Directory Webinar

We all know we need to protect and secure our privileges, but where to start? Join Experts Exchange and ManageEngine on Tuesday, April 11, 2017 10:00 AM PDT to learn how to track and secure privileged users in Active Directory.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
HPE Procurve/Aruba BGP Prepend Route-Map experience? 2 47
Fortigate Question 5 23
SSG50 Firewall Rules 17 30
Draytek (Site to Site VPN using IPSec) 6 43
We've been using the Cisco/Linksys RV042 for years as: - an internet Gateway - a site-to-site VPN device - a leased line site-to-site subnet-to-subnet interface (And, here I'm assuming that any RV0xx behaves the same way as an RV042.  So that's …
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question