CISCO EXPERT – CCIE#23373

Ricardo Martins


Cisco Expert – Tips for your Cisco Access Server

Posted by Ricardo Martins on November 8, 2008

Alright, first of all forgive me if there’s a better way to do this. I found this one myself so probably..mmm…there is a better way.

The question is: how do you stop people from reverse telnetting to one of your devices, assuming your Cisco Access Server IP is 1.1.1.1?

When you build a host table in the Access Server, you use ports 2001 – 2016, right? So with telnet 1.1.1.1 2007 you end up on, let’s say, Router 7. This is great for using tabs with SecureCRT, for instance, but it also causes the problem that anyone on the network can open a console connection straight into Router 7 without authenticating on the Access Server first. My solution works fine; however, you won’t be able to use tabs in CRT anymore, which I don’t like anyway.

Here’s the Access server config:

line 1 16
 access-class 100 in
 ! no exec stops the gibberish and stops the lines getting busy constantly, WOW!
 no exec
 transport input all
!
access-list 100 permit tcp host 1.1.1.1 any range 2001 2016

This access list allows only your Access Server to open console connections to your devices.

That’s it!!! Now everyone needs to authenticate on the Access Server first, prior to opening any console connections to your devices.
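One way to check that a saved running-config really has this restriction on its async lines, as an added example that is not part of the original post. The function name, the sample configs and the reliance on `show running-config` style indentation are assumptions, and it only understands extended ACL entries in the form used above.

```python
import re

def audit_reverse_telnet(config, server_ip):
    """Return findings for numbered TTY lines reachable without going through the access server."""
    acls, blocks, current = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        m = re.match(r"access-list (\d+) (permit|deny) (.+)", line)
        if m:
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3).split()))
            current = None
        elif re.match(r"line \d+", line):  # numbered TTY lines only, not con/aux/vty
            current = {"name": line, "cmds": []}
            blocks.append(current)
        elif raw[:1].isspace() and current is not None:
            current["cmds"].append(line)  # indented sub-command of the current line block
        else:
            current = None
    findings = []
    for b in blocks:
        if "transport input none" in b["cmds"]:
            continue  # these lines accept no inbound sessions at all
        acl = next((c.split()[1] for c in b["cmds"]
                    if re.fullmatch(r"access-class \d+ in", c)), None)
        if acl is None:
            findings.append(f"{b['name']}: no inbound access-class")
        elif acl not in acls:
            findings.append(f"{b['name']}: access-list {acl} not defined")
        else:
            for action, t in acls[acl]:
                # t = [protocol, source..., destination...]; only "host <server_ip>" is acceptable
                if action == "permit" and t[1:3] != ["host", server_ip]:
                    findings.append(
                        f"{b['name']}: access-list {acl} permits source other than {server_ip}")
    return findings

# Constructed sample configs: the post's config, one without the access-class, one with a loose ACL.
GOOD = ("line 1 16\n access-class 100 in\n no exec\n transport input all\n!\n"
        "access-list 100 permit tcp host 1.1.1.1 any range 2001 2016\n")
OPEN = GOOD.replace(" access-class 100 in\n", "")
LOOSE = GOOD.replace("host 1.1.1.1", "any")

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("OPEN", OPEN), ("LOOSE", LOOSE)):
        print(name, audit_reverse_telnet(cfg, "1.1.1.1") or "ok")
```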
