Solved

Cisco 2811 telnet/ssh

Posted on 2013-06-18
4
1,690 Views
Last Modified: 2013-06-28
Hello i need a reminder on how to configure telnet/ssh to remotely administer a router via its outside interface configured with a public IP...

is this all i need?

=========================
access-list 1 permit any any


line vty 0 4
 access-class 1 in
 privilege level 15
 password xxxxxxxxxxxxx
 login
 transport input all

==========================
0
Comment
Question by:lurezero
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 4

Expert Comment

by:MarcusSjogren
ID: 39257592
Hi,

Not sure about "access-class 1 in" but other than that - yea, its all you need for basic telnet access.
You can also define authentication-groups etc to authenticate against radius servers etc.
0
 
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 150 total points
ID: 39257626
Well, the "privilege 15" isn't mandatory. It just lets you bypass having to manually get to privileged mode.

And I'm assuming that you have an access-list 1 that is permitting a specific IP address (or network) that is allowed to log in to the router.

If so, you're all set. I would probably change the "transport input all" to "transport input ssh telnet". No need to open up every service if you're not using it.
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 39258443
You may want to re-evaluate applying acl permitting any any on a public interface?

Using an inside private IP should suffice. You just need to configure static NAT to that IP on port 23 (telnet),

I also would not recommend running a telnet session (unsecure - plain text transmission) over the internet.

Consider SSH (port 22)
0
 
LVL 12

Accepted Solution

by:
ryan80 earned 350 total points
ID: 39260309
that is fine for telnet but there is other work that needs to be done for ssh.

you need to make sure that your router has a hostname

#hostname whatever

You need to configure the ip domain name

#ip domain-name whatever.com

you need to generate the rsa key

#crypto key generate rsa

you will need to have a username and password for ssh to work I always use a global username and password or aaa, but i believe that you can just define it under the line vty as well.

# username whatevername password whateverpassword
under line vty # login LOCAL


Now ssh should work as well.
http://www.trainsignal.com/blog/configure-secure-shell-ssh-on-cisco-router
0

Featured Post

Webinar May 25: Cloud Security Strategies for SMBs

Small and mid-sized businesses are a driving force behind cloud adoption, and it’s no wonder: cloud benefits are BIG.  But for all the convenience that moving to the cloud provides, where does security come into play?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question