Ricardo Martins

Cisco Expert – Tips for your Cisco Access Server

Posted by Ricardo Martins on November 8, 2008

Alright, first of all forgive me if there’s a better way to do this. I found this one myself so probably..mmm…there is a better way.

The question is – How do you stop people from reverse telnet to one of your devices, assuming your Cisco Access Server IP is

When you build a host table in the Access Server, you use ports 2001 – 2016 right? So by telnet 2007, you end up let’s say on Router 7. This is great for using tabs with SecureCRT for instance, but also causes the problem that anyone in the network can open a console connection straight into Router 7 without authenticating on the Access Server first. My solution works fine, however you won’t be able to use tabs in CRT anymore, which I don’t like anyways.

Here’s the Access server config:

line 1 16
access-class 100 in
no exec <--Stops the gibberish and stops the lines getting busy constantly, WOW!
transport input all

access-list 100 permit tcp host any range 2001 2016

This access-list, only allows your Access Server to open console connections to your devices.

That’s it!!! Now everyone needs to authenticate first in the Access Server prior to open any console connections to your devices.


2 Responses to “Cisco Expert – Tips for your Cisco Access Server”

  1. Edwinrg00 said

    Pretty nice tip. I hate that damn “line busy”.


    Wish you the best on your next lab attempt.


  2. is a premium source of IT certification exam course material at affordable prices…

    […]Cisco Expert – Tips for your Cisco Access Server « CISCO EXPERT – CCIE#23373[…]…

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: