Security+ SY0-701 · Lab

Restrict Telnet & SSH Access to the Router

Lock the router's remote-management plane so only approved internal subnets can open a management session, using a standard numbered access list bound to the VTY lines.

OBJ 2.5OBJ 3.2 OBJ 4.1OBJ 4.5
device · RTR-EDGE-02
console session · 9600 8N1

Scenario

You are the on-call network engineer for Larkhill Aerospace. A new edge router, RTR-EDGE-02, has just been racked at the Cedar Falls branch. Right now its VTY (virtual terminal) lines accept Telnet and SSH sessions from anywhere reachable — a wide-open management plane. Security wants remote administration restricted so that only three trusted internal subnets can even reach a login prompt on the device itself.

Build a standard numbered IPv4 access list (number 12) that permits those subnets, then apply it inbound on the VTY lines and save the configuration.

Operations VLAN
10.40.12.0/24
Network-admin VLAN
10.40.20.0/24
NOC monitoring
172.22.8.0/24
Console — RTR-EDGE-02 connected
RTR-EDGE-02>

Tasks

    Tip: a /24 network is matched with the wildcard mask 0.0.0.255. Use ? in the console to see what's valid in the current mode.

    Management-plane guard

    permit entry present VTY guard active not yet configured

    Knowledge check

    Score 0 / 7
    '); } else { setStatus("Pop-up blocked — allow pop-ups to preview the proof image.","info"); } } /* ----- Wiring --------------------------------------------------------- */ cmdEl.addEventListener("keydown",(e)=>{ if(e.key==="Enter"){ const raw=cmdEl.value; cmdEl.value=""; if(raw.trim()!==""){ history.push(raw); } histIdx=history.length; handle(raw); refresh(); } else if(e.key==="ArrowUp"){ if(history.length){ histIdx=Math.max(0,histIdx-1); cmdEl.value=history[histIdx]||""; e.preventDefault(); } } else if(e.key==="ArrowDown"){ if(history.length){ histIdx=Math.min(history.length,histIdx+1); cmdEl.value=history[histIdx]||""; e.preventDefault(); } } }); $("btnHelp").addEventListener("click",()=>{ echoCmd("?"); helpFor(st.mode); termEl.scrollTop=termEl.scrollHeight; cmdEl.focus(); }); $("btnRun").addEventListener("click",()=>{ if(st.mode==="user"){st.mode="priv";setPrompt();} handle("show running-config"); refresh(); cmdEl.focus(); }); $("btnReset").addEventListener("click",resetAll); $("btnSubmit").addEventListener("click",submit); $("btnPreview").addEventListener("click",preview); termEl.addEventListener("click",()=>cmdEl.focus()); function resetAll(){ st=freshState(); history.length=0; histIdx=-1; lines.length=0; termEl.innerHTML=""; Object.keys(qSelections).forEach(k=>delete qSelections[k]); questionsEl.querySelectorAll("input[type=radio]").forEach(r=>{r.checked=false;}); setPrompt(); banner(); setStatus("",""); refresh(); cmdEl.focus(); } /* ----- Init ----------------------------------------------------------- */ buildTasks(); buildQuestions(); setPrompt(); banner(); refresh(); cmdEl.focus(); })();