Sunday, March 30, 2014

Cisco: Configure VTY Access

First of all, what is VTY?
VTY stands for Virtual Teletype. Today its more common to describe it as virtual terminal lines.
VTY lines are used  to allow remote inbound connections (Telnet or SSH) and therefor eliminate the need to use psychical serial cable like the rollover cable.

You can see the configuration of the VTY lines by running the show running-config command. If its brand new router you will see two simples lines:

line vty 0 4

0 4 is the numbers of virtual terminal lines. In this case 5 lines.
You can double check it by using the show line command:

As you can see from the image above, we have five virtual terminal lines.
Now, I prefer to disable telnet connections due to security issues. You can allow ssh only, with the following steps:

If you want to take it one step further, you can allow access to your host only with the following steps:

The first step was to permit only single host to connect. After creating the IP access list, we  apply it on the vty lines with the access-class command.


Post a Comment