Catalyst 6509 Switch access control [7:63358]

2003-02-19 Thread Berman Andrew
I'm trying to put access controls on who can telnet into a Catalyst 6509
switch, but I'm stuck. The supervisor engine is 1A running 5.5(1) software.

In IOS I do this with a standard access list giving the permitted IP
addresses. I then apply the access list on "line vty 0 15".

What's the equivalent in the world of Catalyst 6500 ?

And what's a good book for learning the 6509?

Thanks!

Andrew


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63358&t=63358
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: Catalyst 6509 Switch access control [7:63358]

2003-02-19 Thread Troy Leliard
Hi Andrew .. 

I presume that your cat is running CatOS.

What you need to do is basically the following, say for example you only
wanted to allow 192.168.0.0/24 telnet access to your Cat:

set ip permit 192.168.0.0 255.255.255.0 telnet

You can also add a specific host:
set ip permit 192.168.1.5 255.255.255.255 telnet

You can also use these lists to restrict ssh and snmp access to your
Catalyst.

Once you have created your permit list, enter the command
set ip permit enable | disable
to enable and disable access.

Hope this helps.




Berman Andrew wrote:
> 
> I'm trying to put access controls on who can telnet into a
> Catalyst 6509 switch, but I'm stuck. The supervisor engine is
> 1A running 5.5(1) software.
> 
> In IOS I do this with a standard access list giving the
> permitted IP addresses. I then apply the access list on "line
> vty 0 15".
> 
> What's the equivalent in the world of Catalyst 6500 ?
> 
> And what's a good book for learning the 6509?
> 
> Thanks!
> 
> Andrew


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63361&t=63358
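
An offline check of a permit list like the one in Troy's reply, as an added example that is not part of the original thread: it parses the `set ip permit` lines, treats the list as unenforced until `set ip permit enable` appears, and reports whether a source address would be allowed. The function names and the sample config are constructed for illustration.

```python
import ipaddress

# Constructed sample config using only the command forms quoted in the thread.
SAMPLE_CONFIG = """\
set ip permit 192.168.0.0 255.255.255.0 telnet
set ip permit 192.168.1.5 255.255.255.255 telnet
set ip permit enable
"""

def parse_permit_list(config_text):
    """Return (enabled, entries); each entry is (network, service)."""
    enabled, entries = False, []
    for line in config_text.splitlines():
        words = line.split()
        if words[:3] != ["set", "ip", "permit"] or len(words) < 4:
            continue
        if words[3] in ("enable", "disable"):
            enabled = words[3] == "enable"      # the last enable/disable line wins
        elif len(words) >= 6:
            # The thread's form: address, netmask-style mask, then the service.
            net = ipaddress.ip_network(f"{words[3]}/{words[4]}", strict=False)
            entries.append((net, words[5]))
    return enabled, entries

def is_permitted(config_text, source_ip, service="telnet"):
    """Would source_ip be allowed to reach the given management service?"""
    enabled, entries = parse_permit_list(config_text)
    if not enabled:
        return True                              # entries are inert until enabled
    ip = ipaddress.ip_address(source_ip)
    return any(svc == service and ip in net for net, svc in entries)

def audit(config_text):
    """Flag the easy-to-miss state: entries defined but never enabled."""
    enabled, entries = parse_permit_list(config_text)
    if entries and not enabled:
        return ["permit entries defined but 'set ip permit enable' is missing"]
    return []

if __name__ == "__main__":
    for ip in ("192.168.0.77", "192.168.1.5", "192.168.1.6"):
        print(ip, is_permitted(SAMPLE_CONFIG, ip))
    print(audit(SAMPLE_CONFIG.replace("set ip permit enable\n", "")))
```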



Re: Catalyst 6509 Switch access control [7:63358]

2003-02-20 Thread Larry Letterman
The 6509 with a switch supervisor and no MSFC can restrict telnet with
a VACL...if the switch has an MSFC then you can apply an ACL...

Larry Letterman
Network Engineer
Cisco Systems


- Original Message -
From: "Berman Andrew" 
To: 
Sent: Wednesday, February 19, 2003 7:50 AM
Subject: Catalyst 6509 Switch access control [7:63358]


> I'm trying to put access controls on who can telnet into a Catalyst 6509
> switch, but I'm stuck. The supervisor engine is 1A running 5.5(1) software.
>
> In IOS I do this with a standard access list giving the permitted IP
> addresses. I then apply the access list on "line vty 0 15".
>
> What's the equivalent in the world of Catalyst 6500 ?
>
> And what's a good book for learning the 6509?
>
> Thanks!
>
> Andrew




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63408&t=63358



Re: Catalyst 6509 Switch access control [7:63358]

2003-02-20 Thread Berman Andrew
Thanks. Yes, indeed it does have MSFCs. But if I just put ACLs in the MSFC
won't I be merely preventing telnet to the MSFCs and not to the switch
itself?  The MSFC can be reached by direct telnet to its own IP address or
by telnetting to the switch and then issuing a "session 15" command.

I think the CatOS "set ip permit x.x.x.x telnet" command that Troy mentioned
is what I need to restrict telnet access to the switch.

Thanks all.

Andrew


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63439&t=63358



Re: Catalyst 6509 Switch access control [7:63358]

2003-02-20 Thread Larry Letterman
Sorry about that... I sometimes forget that most people are running hybrid,
since we run all our sup/msfc devices natively..

Troy's solution is in fact a great way to lock it down...

--

Larry Letterman
Network Engineer
Cisco Systems


"Berman Andrew" wrote in message news:[EMAIL PROTECTED]...
> Thanks. Yes, indeed it does have MSFCs. But if I just put ACLs in the MSFC
> won't I be merely preventing telnet to the MSFCs and not to the switch
> itself?  The MSFC can be reached by direct telnet to its own IP address or
> by telnetting to the switch and then issuing a "session 15" command.
>
> I think the CatOS "set ip permit x.x.x.x telnet" command that Troy mentioned
> is what I need to restrict telnet access to the switch.
>
> Thanks all.
>
> Andrew




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63444&t=63358