Configure Access Control Lists
CCNA R & S

How to Configure Access Control List for VTY lines (TELNET and SSH)

This article describes how to create and configure Access Control Lists (ACLs) that restrict Telnet and SSH connections. An access control list is a group of conditions grouped together under a particular name or number. These conditions are used to filter the traffic passing through a router: traffic that matches them can be permitted or denied.

The standard access control list is the oldest type of ACL. A standard ACL controls traffic based only on the source IP address of each IP datagram. A standard access list is created with the “access-list” IOS command.

An extended access control list can differentiate IP traffic more precisely than a standard ACL. An extended ACL uses the source address, the destination address and the port number to differentiate IP traffic. Here we define which IP addresses are allowed or denied; the number range for extended ACLs is 100-199 and 2000-2699. An extended ACL should filter packets close to the source address. Otherwise, if the extended ACL is placed in the destination network, the unwanted packets consume bandwidth all the way to the destination and are filtered only when they reach it.

Port numbers are unique numbers that identify an application protocol. For example, web traffic uses port 80 and Telnet uses port 23. Two types of port numbers are used: well-known port numbers, in the range 0 to 1023, and registered port numbers, in the range 1024 to 49151. There is one more range, the dynamic or private port numbers, which runs from 49152 through 65535. Some port numbers and their keywords are listed below:

Port Name                          Keyword
FTP Data (TCP port number 20)      ftp-data
FTP Control (TCP port number 21)   ftp
Telnet (TCP port number 23)        telnet
SMTP (TCP port number 25)          smtp

When a Telnet or SSH connection is made to a router, the session is attached to one of its virtual terminal (VTY) lines. Configuring access control on the VTY lines is important because a Telnet or SSH connection to the router should be possible only from the hosts used for network administration.

CREATION OF STANDARD ACCESS CONTROL LIST USING THE TELNET OR SSH CONNECTION

Let us consider an example that contains three routers, three servers, switches, and six workstations. The three routers are named router01, router02 and router03, and the workstations are named workstation01, workstation02, workstation03, workstation04, workstation05 and workstation06 respectively.

In this example, a standard access control list is created so that a Telnet or SSH connection to router03 is possible only from workstation06. The access-list command is used for this configuration on router03.

APPLYING STANDARD ACCESS CONTROL LIST USING THE TELNET OR SSH CONNECTION

The standard access control list is created first and then applied to the VTY lines, so that Telnet or SSH access is permitted only from 172.18.0.12.
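The following router03 configuration is an added example and not part of the original article. It assumes that workstation06 has the address 172.18.0.12, that the router uses VTY lines 0 to 4, that the SSH prerequisites (hostname, domain name and RSA key pair) are already in place, and that a local username is created with a placeholder password.

```cisco
! Added example: restrict VTY (Telnet/SSH) access on router03 to workstation06 only.
! Assumption: workstation06 = 172.18.0.12; VTY lines 0-4; SSH already enabled on the router.
router03> enable
router03# configure terminal

! Local account used by "login local" below (replace the placeholder secret).
router03(config)# username netadmin secret <REPLACE-WITH-STRONG-SECRET>

! Standard ACL: matches on source address only. Entries are evaluated top-down,
! first match wins, and an implicit "deny any" follows the last entry.
! The explicit deny with "log" makes rejected connection attempts visible in the logs.
router03(config)# access-list 10 remark Management access to router03 from workstation06 only
router03(config)# access-list 10 permit host 172.18.0.12
router03(config)# access-list 10 deny any log

! Apply the ACL to the VTY lines with "access-class" (not "ip access-group",
! which is for interfaces). "in" filters sessions arriving at the router.
router03(config)# line vty 0 4
router03(config-line)# access-class 10 in
router03(config-line)# transport input ssh
router03(config-line)# login local
router03(config-line)# exec-timeout 5 0
router03(config-line)# end

! Verify the ACL and its hit counters after test connections from workstation06
! (should succeed) and from any other workstation (should be refused).
router03# show access-lists 10
router03# show running-config | section line vty
router03# copy running-config startup-config
```

Because "transport input ssh" is also set, Telnet is refused on these lines regardless of the ACL, so only SSH from 172.18.0.12 reaches the login prompt.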
