Solved

Cisco 2811 telnet/ssh

Posted on 2013-06-18
4
1,728 Views
Last Modified: 2013-06-28
Hello i need a reminder on how to configure telnet/ssh to remotely administer a router via its outside interface configured with a public IP...

is this all i need?

=========================
access-list 1 permit any any


line vty 0 4
 access-class 1 in
 privilege level 15
 password xxxxxxxxxxxxx
 login
 transport input all

==========================
0
Comment
Question by:lurezero
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 4

Expert Comment

by:MarcusSjogren
ID: 39257592
Hi,

Not sure about "access-class 1 in" but other than that - yea, its all you need for basic telnet access.
You can also define authentication-groups etc to authenticate against radius servers etc.
0
 
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 150 total points
ID: 39257626
Well, the "privilege 15" isn't mandatory. It just lets you bypass having to manually get to privileged mode.

And I'm assuming that you have an access-list 1 that is permitting a specific IP address (or network) that is allowed to log in to the router.

If so, you're all set. I would probably change the "transport input all" to "transport input ssh telnet". No need to open up every service if you're not using it.
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 39258443
You may want to re-evaluate applying acl permitting any any on a public interface?

Using an inside private IP should suffice. You just need to configure static NAT to that IP on port 23 (telnet),

I also would not recommend running a telnet session (unsecure - plain text transmission) over the internet.

Consider SSH (port 22)
0
 
LVL 12

Accepted Solution

by:
ryan80 earned 350 total points
ID: 39260309
that is fine for telnet but there is other work that needs to be done for ssh.

you need to make sure that your router has a hostname

#hostname whatever

You need to configure the ip domain name

#ip domain-name whatever.com

you need to generate the rsa key

#crypto key generate rsa

you will need to have a username and password for ssh to work I always use a global username and password or aaa, but i believe that you can just define it under the line vty as well.

# username whatevername password whateverpassword
under line vty # login LOCAL


Now ssh should work as well.
http://www.trainsignal.com/blog/configure-secure-shell-ssh-on-cisco-router
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I eventually solved a perplexing problem setting up telnet for a new switch.  I installed a new Cisco WS-03560X-24P switch connected to an existing Cisco 4506 running a WS-X4013-10GE Sup II-Plus. After configuring vlans and trunking,  I could no…
Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question