10.3 Restricting Virtual Terminal Access
10.3.2 Virtual terminal line commands
There are two new commands used to configure vty access:
  • line
  • access-class

The line Command

Use the line command to place the router in line configuration mode.

line vty {vty-number | vty-range}


The access-class Command

Use the access-class command to link an existing access list to a terminal line or range of lines.

access-class access-list-number {in | out}


Virtual Terminal Access Example

Consider the sample configuration that follows:

access-list 12 permit 192.89.55.0 0.0.0.255
!
line vty 0 4
access-class 12 in

In this example, you are permitting any device on network 192.89.55.0 to establish a vty (Telnet) session with the router. Of course, the user must know the appropriate passwords to enter user mode and privileged mode. Notice that identical restrictions have been set on all vty lines (0–4) because you cannot control the vty line to which a user will connect. The implicit deny any still applies when an access list is used for an alternative application, such as limiting vty access.
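The following Python audit is an added example, not part of the original course material. It checks a saved configuration for vty ranges that lack an inbound access-class and evaluates a source address against a standard access list, wildcard mask and implicit deny any included. The function names and the unprotected vty 5-15 range in the sample are assumptions made for illustration; only numbered standard access-list lines in the form shown above (plus the any and host keywords) are parsed.

```python
import ipaddress
import re

# Constructed sample: the page's config plus a hypothetical unprotected vty 5-15.
SAMPLE_CONFIG = """\
access-list 12 permit 192.89.55.0 0.0.0.255
!
line vty 0 4
 access-class 12 in
line vty 5 15
"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_config(text):
    """Return (acls, vty): ACL number -> entries, vty range -> inbound ACL."""
    acls, vty, current = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.match(r"access-list (\d+) (permit|deny) (\S+)(?: (\S+))?$", line):
            num, action, addr, wild = m.groups()
            if addr == "any":
                addr, wild = "0.0.0.0", "255.255.255.255"
            elif addr == "host":
                addr, wild = wild, "0.0.0.0"
            acls.setdefault(num, []).append((action, to_int(addr), to_int(wild or "0.0.0.0")))
        elif m := re.match(r"line vty (\d+)(?: (\d+))?$", line):
            current = (int(m[1]), int(m[2] or m[1]))
            vty[current] = None
        elif current and (m := re.match(r"access-class (\d+) in$", line)):
            vty[current] = m[1]
        elif line.startswith("line "):
            current = None  # left the vty context, e.g. "line con 0"
    return acls, vty

def permitted(acl, source):
    """First match wins; falling off the end is the implicit deny any."""
    src = to_int(source)
    for action, net, wild in acl:
        if (src | wild) == (net | wild):  # wildcard 1-bits are "don't care"
            return action == "permit"
    return False

def audit(text):
    """List vty ranges with no inbound access-class or an undefined ACL."""
    acls, vty = parse_config(text)
    return [f"vty {a}-{b}: " + ("no inbound access-class" if n is None
                                else f"access-list {n} is not defined")
            for (a, b), n in sorted(vty.items()) if n is None or n not in acls]
```

Running audit(SAMPLE_CONFIG) reports the vty 5-15 range, which illustrates why the same restriction has to be set on every vty line.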

Lab Activity
  In this lab, you will learn how to use the access-class and line commands to control vty access.