HPE Community
Switches, Hubs, and Modems
1753365 Members
5197 Online
108792 Solutions
New Discussion юеВ

Enable telnet access to router

 
SAM_24
Frequent Advisor

тАО04-27-2004 05:55 AM

тАО04-27-2004 05:55 AM

Enable telnet access to router

Hi,

I am new to cisco routers.

I want to allow telnet access to particular system/ip from outside(for all). How can I do it? Any help is appreciated.

Thanks.
Never quit
0 Kudos
8 REPLIES 8
SAM_24
Frequent Advisor

тАО04-27-2004 06:11 AM

тАО04-27-2004 06:11 AM

Re: Enable telnet access to router

We are using Cisco 2950 series and no NAT.
Never quit
0 Kudos
Ron Kinner
Honored Contributor

тАО04-27-2004 12:41 PM

тАО04-27-2004 12:41 PM

Re: Enable telnet access to router

From the # (enable) login:

conf t
line vty 0 4
password MyNewPassword
login
end
wr me

I assume you already have an enable password.

Now telnet to one of the router's ip addresses and at the first password prompt use your equivalent of MyNewPassword. Then
en
and your enable password

Is that what you needed to know? Or are you wanting to restrict access to a certain IP address on the router?

Ron


0 Kudos
Bharat Katkar
Honored Contributor

тАО04-28-2004 02:43 AM

тАО04-28-2004 02:43 AM

Re: Enable telnet access to router

If you r talking about doing telnet to router then Ron is correct. You follow that procedure.
But if you talking about telnet to any particular Server in the network then you need to write the access-list on router.

What i understood is you want to enable telnet to particular nodes from the enitre network to connect to a particular System/Server.

If You r looking for something like that i can help u with creating access-list on server with your valuable inputs!!
You need to know a lot to actually know how little you know
0 Kudos
Bharat Katkar
Honored Contributor

тАО04-28-2004 02:45 AM

тАО04-28-2004 02:45 AM

Re: Enable telnet access to router

Sorry, in my last line i have mistakenly written "access-list on server", read it as "access-list on router"
You need to know a lot to actually know how little you know
0 Kudos
Stuart Teo
Trusted Contributor

тАО04-28-2004 03:12 AM

тАО04-28-2004 03:12 AM

Re: Enable telnet access to router

SAM,

The 2950 is a Catalyst switch. Please make sure that you have purchased the correct product before proceeding.
If a problem can be fixed, there's nothing to worry. If a problem can't be fixed, worrying ain't gonna help. Bottom line: don't worry.
0 Kudos
Ron Kinner
Honored Contributor

тАО04-28-2004 06:52 AM

тАО04-28-2004 06:52 AM

Re: Enable telnet access to router

I think you need to start over and tell us exactly what you want you have, what you want to do and what happens when you try to do it. If you want to reach a certain server and the server has a valid IP address and can already reach the internet then there is nothing stopping it unless you (or your ISP or the outside system or its ISP) have a firewall or a filter or it is simply not listening for telnet. If you have a filter then tell us what it is and where and we can help modify it.

A simple filter to allow any outsider to telnet to a particular IP address (A.B.C.D), deny all others and permit all other traffic which is to be installed on your router on the interface which connects to the internet (Let's assume it is S0/0) would be:

conf t
access-list 100 permit tcp any host A.B.C.D eq 23
access-list 100 deny tcp any any eq 23
access-list 100 permit ip any any


int s0/0
ip access 100 in
end
wr me

However, if that's all the protection you have you have probably already been hacked.

Ron
0 Kudos
Bharat Katkar
Honored Contributor

тАО04-28-2004 06:53 PM

тАО04-28-2004 06:53 PM

Re: Enable telnet access to router

Ron, i assumed that SAM must be using private network.
But what you say is correct.

Thanks
You need to know a lot to actually know how little you know
0 Kudos
Ernest Ford
Trusted Contributor

тАО04-29-2004 01:10 AM

тАО04-29-2004 01:10 AM

Re: Enable telnet access to router

Permitting telnet access to a particular system from outside the router requires that port 23 be forwarded to that system, along with the appropriate changes to the router ACLs.

Since you are not using NAT your router will have probably have a static routing table which will need to be modified - I suggest you consult the person who did the initial configuration rather than supply these details to strangers.

Also permitting access from anyone (or all) is not advisable from a security standpoint - you should perhaps consider only allowing access from a particular host, or limited series of hosts - this can be done through the routers ACLs
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.