Tuesday, December 1, 2009

Configure Cisco switch telnet login and password

SkyHi @ Tuesday, December 01, 2009
  • madcow
    I think that service password encryption should be enabled (even if it's low-end security). You do not want to save the passwords in clear text. And you probably want to create an access list to block off access from the entire world (you only want to connect to it from within your own network), so:

    !enter configuration mode
    conf t

    !enable service password encryption
    service password-encryption

    !password for privileged access
    enable password keepout

    !access list for whatever your netblock is
    access-list 1 permit 192.168.0.0 0.0.0.255

    !enter telnet config mode
    line vty 0 4
    password keepout
    login
    access-class 1 in
Reference: http://www.tech-recipes.com/rx/460/configure_cisco_switch_telnet_login_password/



Example of Restricting Telnet access with an Access-list

Quickly, let me provide another example of using an ACL. Say that you are still on the Chicago router. You want to allow only your PC’s IP address (on the Chicago LAN) to TELNET to the router. Yes, you could do this with an ACL on the interface but, instead, let’s do it by using the access-class statement on the vty lines. To do this, you only need a standard access-list. Say that your PC’s IP address is 10.10.2.100. First, create an access-list to specify traffic with that source, like this:

Next, apply this ACL to all 5 VTY lines using the vty range configuration and the access-class statement, like this:

By creating this ACL and applying it to all 5 VTY lines, we are saying that only IP address 10.10.2.100 can TELNET to this Cisco router. This is just another example of the many uses of an ACL.


Reference: http://www.petri.co.il/csc_how_to_use_cisco_ios_access_lists_02.htm
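
A way to check a saved configuration for the restrictions described in both excerpts above, as an added example that is not from either referenced article. The sample configuration is constructed: ACL number 10, the extra "line vty 5 15" range and the function name audit_vty are assumptions made for illustration.

```python
import re

# Constructed sample: the 10.10.2.100 restriction described above (ACL number 10
# is assumed), plus a second vty range that was left without an access-class.
SAMPLE_CONFIG = """\
service password-encryption
access-list 10 permit host 10.10.2.100
line vty 0 4
 access-class 10 in
 password keepout
 login
line vty 5 15
 password keepout
 login
"""

def audit_vty(config):
    """Return a list of findings for the global and vty settings in a config."""
    findings = []
    lines = config.splitlines()
    # Numbers of the numbered ACLs defined anywhere in the config.
    defined = {m.group(1) for ln in lines
               if (m := re.match(r"access-list (\d+) (permit|deny) ", ln))}
    if "service password-encryption" not in [ln.strip() for ln in lines]:
        findings.append("global: service password-encryption is not enabled")
    blocks, block = {}, None
    for line in lines:
        if line.startswith("line vty "):
            block = line.strip()
            blocks[block] = []
        elif line.startswith(" ") and block:
            blocks[block].append(line.strip())
        else:
            block = None
    for name, body in blocks.items():
        acl = next((m.group(1) for b in body
                    if (m := re.fullmatch(r"access-class (\S+) in", b))), None)
        if acl is None:
            findings.append(f"{name}: no inbound access-class, any source can connect")
        elif acl not in defined:
            findings.append(f"{name}: access-class {acl} refers to an undefined ACL")
        if "login" not in body or not any(b.startswith("password ") for b in body):
            findings.append(f"{name}: login/password not both set")
    return findings

if __name__ == "__main__":
    for finding in audit_vty(SAMPLE_CONFIG):
        print(finding)
```

Run it against the text of a saved running-config; an empty result means every vty range has a password, login and an inbound access-class that points at a defined ACL.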