How to enable telnet for specific IP?


How to enable telnet for specific IPS
for example for ip 167.28.170.99 & 167.28.137.57

4 replies

Userlevel 5
Jamie,

The best and most secure way to do this is to create a access profile that includes all of the specific IP's of stations you want to be able to telnet from. Once you create the profile (really just an ACL) you can then apply that to Telnet, SSH or SNMP.. Here is a link to the instructions..

http://documentation.extremenetworks.com/exos/EXOS_All/Switch_Management/c_access-profile-logging-fo...

Bill
Bill Stritzinger wrote:

Jamie,

The best and most secure way to do this is to create a access profile that includes all of the specific IP's of stations you want to be able to telnet from. Once you create the profile (really just an ACL) you can then apply that to Telnet, SSH or SNMP.. Here is a link to the instructions..

http://documentation.extremenetworks.com/exos/EXOS_All/Switch_Management/c_access-profile-logging-fo...

Bill

something like this:

Telnet_2.pol

entry AllowTheseSubnets {
if match any {
source-address 167.28.170.99 /32;
source-address 167.28.157.37 /32;
} then {
permit;
}
}
entry dontAllowTheRest {
if {
; #none specified
} then {
deny;
}
}
Thank Bill
Userlevel 5
Yes, but make sure you use the correct indents as in the documentation. For the example you gave, the two IP addresses would be allowed like this... (assume your addresses are /24 - Match CIDR..)

MyAccessProfile.pol entry AllowTheseSubnets { if match any { source-address 167.28.170.99 /24; source-address 167.28.137.57 /24; } then { permit; } }[/code]
Once you create the file and copy to the switch, use the command "check policy MyAccessProfile" to make sure the format for the file is correct. The above will only let those two addresses access telnet. Once you create the file you can use that with SSH and SNNMP too.

Bill

Reply