training:pacnog21:2-securing-router

training:pacnog21:2-securing-router [2017/12/07 14:51] – [Applying the filter to the VTY ports] philiptraining:pacnog21:2-securing-router [2017/12/07 14:52] (current) – [Configuring Telnet VTY access for IPv6] philip
Line 80: Line 80:
 Configure a filter to allow only the trusted hosts to have Telnet access. Note that all attempts are logged by the router system log process, so that there is an audit trail of all access to the router. Part of the AAA suite in Cisco IOS allows these authentication logs to be exported to a syslog server where further access tracking can be undertaken. Configure a filter to allow only the trusted hosts to have Telnet access. Note that all attempts are logged by the router system log process, so that there is an audit trail of all access to the router. Part of the AAA suite in Cisco IOS allows these authentication logs to be exported to a syslog server where further access tracking can be undertaken.
  
- +We will use the loopback addresses for the filter, as we should normally be telnetting from router to router sourced from the loopback interface. From the address plan, you can see that the loopbacks for the routers in our AS come from 2001:DB8:X0:0::/64 - the first /64 in the IPv6 address block. Update the configuration as per this example:
-  ipv6 access-list v6-vty-filter +
-   permit host ipv6-address any +
- +
- +
-Replace //ipv6-address// with the IPv6 address of the **host** you would like to have access. Test this with routers in the same AS; which means that routers in the same AS should permit telnet access from the others. Take the IPv6 address of the physical interface of the adjacent router connecting to your router, and add that into the access-list you have configured.  +
- +
-Now try and include the loopback addresses, as we should normally be telnetting from router to router sourced from the loopback interface. From the address plan, you can see that the loopbacks for the routers in our AS come from 2001:DB8:X0:0::/64 - the first /64 in the IPv6 address block. Update the configuration as per this example:+
  
   ipv6 access-list v6-vty-filter   ipv6 access-list v6-vty-filter
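Review bot: the new paragraph states that the loopbacks come from 2001:DB8:X0:0::/64, but the example that follows it is only visible as far as the `ipv6 access-list v6-vty-filter` line, while the removed example used `permit host ipv6-address any`, which matches a single address; the replacement entry should permit the whole 2001:DB8:X0:0::/64 prefix rather than the `host` form, and the text should say what X stands for so the reader can derive their own prefix. Dropping the intermediate step of first permitting the adjacent router's physical-interface address also removes the only test the exercise had for confirming the filter works before switching to loopback-sourced Telnet; either keep that step or explain why going straight to the loopback prefix is sufficient.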
training/pacnog21/2-securing-router.1512618712.txt.gz · Last modified: 2017/12/07 14:51 by philip