How to Telnet or SSH into a Cisco Router

Tags: cisco, cisco-commands, ssh

I would like to log into a Cisco router that is in a LAN

  • via telnet or ssh
  • as user <username> with a password <password>
  • only from machines in the LAN 192.168.2.0/24

About the user:

I usually use the flat blue cable and connect to the router using HyperTerminal.
I run enable and then I'm asked for a password.
So I don't know the username associated with this password…
What is the associated username?

Suppose it is <username>.
I would like to run telnet 192.168.2.1 -l <username>
and then enter the password.
Or ssh <username>@192.168.2.1 and then enter the password.

I want this user to be able to telnet or ssh into the router only from machines inside the LAN 192.168.2.0/24.

I don't know precisely how to do that.

Do I need an access-list like this one?

access-list 101 permit tcp 192.168.2.0 0.0.0.255 host 192.168.2.1 eq 23

or

access-list 101 permit tcp 192.168.2.0 0.0.0.255 host 192.168.2.1 eq 22

Then do I have to associate this access-list with the router's inside network interface (Vlan1)?

Can you help me set up the sequence of commands I have to run to achieve that goal?


EDIT N°1

Ok.
I ran:

conf t
line vty 0 4
login local

and:

conf t
username <username> privilege 15 secret <password>

I can log into the router as:

telnet 192.168.2.1
Username: <username>
Password: <password>

Question 1: How to make sure the router cannot be telnetted into from outside the LAN?

Question 2: I cannot log into the router via SSH:

ssh <username>@192.168.2.1
ssh: connect to host 192.168.2.1 port 22: Connection refused

Best Answer

You can use these commands to set up telnet access:

! Set username/password
username Lea password Shhh!
! Create standard ACL to control access
ip access-list standard ONLY-THESE-GUYS
 permit 192.168.2.0 0.0.0.255
! Enable authentication
aaa new-model
aaa authentication login default local
! Enable virtual terminal sessions
line vty 0 15
 access-class ONLY-THESE-GUYS in
 transport input ssh telnet

Now you should be able to telnet to 192.168.2.1.
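
The following is an added example, not part of the original answer. It shows a common way to address the "Connection refused" from Question 2: an IOS router does not start its SSH server until an RSA key pair exists. It keeps the VTY lines restricted to 192.168.2.0/24 and accepts SSH only. The hostname R1 and domain name lan.example are constructed placeholders, and `login local` is used as in the question's edit, in place of the answer's `aaa new-model`.

```cisco
! Added example; R1 and lan.example are constructed placeholders.
configure terminal
!
! Key generation needs a hostname and a domain name to name the key pair.
hostname R1
ip domain-name lan.example
crypto key generate rsa modulus 2048
ip ssh version 2
!
! "secret" stores a hash of the password; "password" stores it reversibly.
username <username> privilege 15 secret <password>
!
! Only source addresses inside the LAN may open a VTY session.
! The explicit deny with "log" records refused attempts from elsewhere.
ip access-list standard ONLY-THESE-GUYS
 permit 192.168.2.0 0.0.0.255
 deny any log
!
! Weak setting for comparison: "transport input ssh telnet" also accepts
! Telnet, which carries the username and password in clear text.
line vty 0 15
 access-class ONLY-THESE-GUYS in
 login local
 transport input ssh
end
!
! Checks: SSH should be reported as enabled, and the ACL counters should
! increase as permitted and denied connections arrive.
show ip ssh
show access-lists ONLY-THESE-GUYS
```

Because `access-class` is applied to the VTY lines rather than to an interface, it filters management sessions to the router itself on every interface, without affecting traffic routed through Vlan1.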
