Virtual Terminal Access Lists - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - SYSTEM BASICS CONFIGURATION GUIDE 2010-10-04 Configuration Manual

JunosE 11.3.x System Basics Configuration Guide

Virtual Terminal Access Lists

access-class in
access-list
420
host1(config-line)#password 0 mypassword
Example 2 (secret)
host1(config-line)#password 5 bcA";+1aeJD8)/[1ZDP6
Example 3 (encrypted password)
host1(config-line)#password 7 dq]XG`,%N"SS7d}o)_?Y
Use the no version to remove the password. By default, no password is specified.
See password.
You can provide additional security for your router by using access lists to restrict access
to vty lines.
When the router attempts to authenticate a user, it always selects the first vty line that
has an access class that permits that user's host. The vty line's configuration must
authenticate the user to allow access. Otherwise, the user can never gain access.
Consequently, we recommend that you use identical authentication configurations for
all vtys that have the same access class list.
To set up access lists:
Associate the access list with inbound Telnet sessions.
host1(config)#line vty 12 15
host1(config-line)#access-class Management in
Configure an access list.
host1(config)#access-list Management permit ip 192.168.11.16 0.0.0.15 any
host1(config)#access-list Management permit ip 192.168.4.0 0.0.0.255
host1(config)#access-list Management deny ip any any
Use to associate the access list with vty lines.
Example—This example sets the virtual terminal lines to which you want to restrict
access and specifies an access class to grant access to incoming requests.
host1(config)#line vty 12 15
host1(config-line)#access-class Management in
Use the no version to remove access restrictions.
See access-class in.
Use to configure an access list.
Example
host1(config)#access-list Management permit ip 192.168.11.16 0.0.0.15 any
Copyright © 2010, Juniper Networks, Inc.