Pages

Tuesday 8 May 2012

How to allow the vty acesss only during working time

This is a sample configuration for conditional ACL is often called Lock & Key. By the authenticating, router will allow traffic for certain time.

Host IP = 10.10.12.1
Cisco-router = Fa0/0:10.10.12.2
Server IP = 10.10.23.3

1. Create Account


Cisco-router(config)# username ACCESS password cisconet

2. Create ACL

Cisco-router(config)# access-list 101 permit tcp any host 10.10.12.2 eq telnetCisco-router(config)# access-list 101 dynamic ACCESS timeout 2 permit ip any any
* Timeout in minute.
** dynamic ACL name ; ACCESS

3. Apply ACL

Cisco-router(config)# interface fa0/0Cisco-router(config-if)# ip access-group 101 in
4. Configure vty

Cisco-router(config)# line vty 0 4
Cisco-router(config-line)# login localCisco-router(config-line)# autocommand access-enable host timeout 1
* timeout in minute

5. Verifying

From host/10.10.12.1, telnet into 10.10.12.2 to get authentication. After authenticating, router will allow traffic for host 10.10.12.1
Cisco-router#sh ip access-lists 101
Extended IP access list 101
10 permit tcp any host 10.10.12.2 eq telnet (75 matches)
20 Dynamic telnet permit ip any any

permit ip host 10.10.12.1 any (49 matches) (time left 54)

No comments:

Post a Comment