Improve company productivity with a Business Account.Sign Up

x
?
Solved

Cisco 2811 telnet/ssh

Posted on 2013-06-18
4
Medium Priority
?
1,875 Views
Last Modified: 2013-06-28
Hello i need a reminder on how to configure telnet/ssh to remotely administer a router via its outside interface configured with a public IP...

is this all i need?

=========================
access-list 1 permit any any


line vty 0 4
 access-class 1 in
 privilege level 15
 password xxxxxxxxxxxxx
 login
 transport input all

==========================
0
Comment
Question by:lurezero
4 Comments
 
LVL 4

Expert Comment

by:MarcusSjogren
ID: 39257592
Hi,

Not sure about "access-class 1 in" but other than that - yea, its all you need for basic telnet access.
You can also define authentication-groups etc to authenticate against radius servers etc.
0
 
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 600 total points
ID: 39257626
Well, the "privilege 15" isn't mandatory. It just lets you bypass having to manually get to privileged mode.

And I'm assuming that you have an access-list 1 that is permitting a specific IP address (or network) that is allowed to log in to the router.

If so, you're all set. I would probably change the "transport input all" to "transport input ssh telnet". No need to open up every service if you're not using it.
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 39258443
You may want to re-evaluate applying acl permitting any any on a public interface?

Using an inside private IP should suffice. You just need to configure static NAT to that IP on port 23 (telnet),

I also would not recommend running a telnet session (unsecure - plain text transmission) over the internet.

Consider SSH (port 22)
0
 
LVL 12

Accepted Solution

by:
ryan80 earned 1400 total points
ID: 39260309
that is fine for telnet but there is other work that needs to be done for ssh.

you need to make sure that your router has a hostname

#hostname whatever

You need to configure the ip domain name

#ip domain-name whatever.com

you need to generate the rsa key

#crypto key generate rsa

you will need to have a username and password for ssh to work I always use a global username and password or aaa, but i believe that you can just define it under the line vty as well.

# username whatevername password whateverpassword
under line vty # login LOCAL


Now ssh should work as well.
http://www.trainsignal.com/blog/configure-secure-shell-ssh-on-cisco-router
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

606 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question