Secure Your PE VTYs!

• use better ACLs to secure the VTYs

interface loopback0

ip address 1.1.1.1 255.255.255.255

access-list 199 permit 10.25.25.5 0.0.0.0 1.1.1.1 0.0.0.0

access-list 199 permit 61.8.0.0 0.0.7.255 1.1.1.1 0.0.0.0

access-list 199 permit 10.25.25.5 0.0.0.0 61.8.0.0 0.0.7.255

access-list 199 permit 61.8.0.0 0.0.7.255 61.8.0.0 0.0.7.255

• needs entries for BB interface addresses as telnetdestination (hop-to-hop telnet)

  • as BB interface addresses and loopback addresses arenot reachable within the vrfs, this should be secure
  • needs a nice IP addressing scheme (or a clever config generation tool)

Previous slide

Next slide

Back to first slide

View graphic version