1 Reply Latest reply on Dec 5, 2015 9:43 PM by jayh

    Trying to block ssh, telnet, http to NetVanta4305.

    eborisov New Member

      I am trying to implement an ACL, or maybe some other method, on the NetVanta4305 so that no one but my internal subnet can connect to the unit for administrative purposes. This is a public-facing router. I am a bit lost between the hardware ACL, the IP ACL and the firewall. The firewall is not running and is not needed on this unit.

      How would I implement such a simple thing (I would think)?

      Thank you

      Eugene

        • Re: Trying to block ssh, telnet, http to NetVanta4305.
          jayh Hall_of_Fame

          ip access-list standard admin-access
            permit [internal-network] [wildcard-mask]
            permit [second internal network] [wildcard-mask]
            [etc...]
          line ssh 0 4
            access-class admin-access in
          !
          line telnet 0 4
            access-class admin-access in
          !
          http ip access-class admin-access in
          !
          http ip secure-access-class admin-access in
          !

          Example of a wildcard mask for an internal network; this can be tricky if you aren't familiar with it.

          permit 192.168.1.0 0.0.0.255

          Subtract each octet of a regular netmask from 255 and you're good to go.

          For some versions of AOS the "ip" keyword is missing from the http commands; just use:

          http access-class admin-access in

          http secure-access-class admin-access in


          if it gives you an error.
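The wildcard-mask rule and the command layout from the reply above, as an added example that is not part of the original thread: a small Python generator that turns internal networks given as CIDR or address-plus-netmask into the `admin-access` list and the four `access-class` bindings. The function names and the sample networks are constructed for illustration; it also rejects a non-contiguous netmask and a 0.0.0.0/0 entry, which would permit every source.

```python
import ipaddress


def wildcard_entry(net: str) -> str:
    """Return 'permit <network> <wildcard>' for 'a.b.c.d/len' or 'a.b.c.d mask'."""
    # strict=False clears stray host bits (192.168.1.7/24 -> 192.168.1.0);
    # a non-contiguous netmask raises ValueError inside ipaddress.
    n = ipaddress.IPv4Network(net.strip().replace(" ", "/"), strict=False)
    if n.prefixlen == 0:
        raise ValueError("0.0.0.0/0 would permit every source address")
    # The rule from the reply: subtract each netmask octet from 255.
    wildcard = ".".join(str(255 - octet) for octet in n.netmask.packed)
    return f"permit {n.network_address} {wildcard}"


def render_admin_acl(networks, acl_name="admin-access", http_ip_keyword=True):
    """Render the ACL plus the ssh/telnet/http bindings shown in the reply."""
    if not networks:
        raise ValueError("an empty list would leave no permitted admin source")
    # Some AOS versions omit the "ip" keyword on the http commands.
    http = "http ip" if http_ip_keyword else "http"
    out = [f"ip access-list standard {acl_name}"]
    out += [f"  {wildcard_entry(n)}" for n in networks]
    for line in ("ssh", "telnet"):
        out += [f"line {line} 0 4", f"  access-class {acl_name} in", "!"]
    out += [f"{http} access-class {acl_name} in", "!",
            f"{http} secure-access-class {acl_name} in", "!"]
    return "\n".join(out)


if __name__ == "__main__":
    # Constructed sample networks, not taken from the thread.
    sample = ["192.168.1.0/24", "10.20.30.40 255.255.252.0"]
    print(render_admin_acl(sample))
```

Review the rendered `permit` lines before pasting them into the router, since a host address typed with the wrong prefix length is silently widened to its enclosing network.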