connecting to router through unix??

Status
Not open for further replies.

DrTebi

Programmer
Apr 14, 2001
5
US
Hi,
I have a simple question...
I have a FreeBSD 4.2 system and a Cisco 1720 router. I would prefer to use the serial com to connect to the router. I was able to do so through HyperTerminal with a Windows 98 box, but how can I do it through Unix?

Another thing I wonder about is how can I disable all other access to the router once I have it working through the serial port?

Thanks,
DrTebi
 
DrTebi,

For FreeBSD, you can try minicom. Have a look at it here:

You can also look here for other FreeBSD comms related software:

As for your second question, it reads a little ambiguous. How do you want access restricted? From just the WAN side? Based on IP? Based on user? Do you really want to block all access, or implement tighter security? Have a look at this Cisco doc for more direction:


I hope this helps.

-Jeff Lush
 
Thanks for your reply, I got it working now.

What I meant by my second question....

I noticed that the router "listens" on several ports for connections, which would allow a user to establish a connection directly to the router, and then configure it - if he knows the password.
I want to configure the router so that it will not be possible to access the configuration in any way but through the serial port. In other words, I want to disable the router's ability to be configured through e.g. telnet.

thanks,
DrTebi
 
no service tcp-small-servers
Echo, Discard, Chargen, and Daytime services are disabled


disable SNMP


no ip source-route

access-list 107 deny ip 10.0.0.0 0.255.255.255 any log
access-list 107 deny ip 172.16.0.0 0.15.255.255 any log
access-list 107 deny ip 127.0.0.0 0.255.255.255 any log
access-list 107 deny ip 255.0.0.0 0.255.255.255 any log
access-list 107 deny ip 224.0.0.0 0.255.255.255 any log
access-list 107 deny ip 192.168.50.0 0.0.0.255 any log
access-list 107 deny icmp any any echo log
access-list 107 deny tcp any any eq finger
access-list 107 permit ip any any

The access list denies all "private" IPs, multicast and your own from coming back to you. Denies ICMP (ping) and suppresses the normal echo response. Denies FINGER.

This is just a sampling of what you can do. It is possible to block ports if you wanted.

Mike S "Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin
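
An added example, not part of the original posts: a Python check that converts the address/wildcard pairs of `deny ip` entries like those in the ACL above into prefixes and compares them with the RFC 1918 private ranges, so an entry that is wider than the private block it targets stands out. The sample ACL lines are constructed and the function names are hypothetical.

```python
import ipaddress

# RFC 1918 private ranges an anti-spoofing ACL is meant to cover.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def wildcard_to_network(addr, wildcard):
    """Convert an IOS address/wildcard pair to a prefix (contiguous wildcards only)."""
    wc = int(ipaddress.IPv4Address(wildcard))
    if wc & (wc + 1):  # a contiguous wildcard has the form 2^n - 1
        raise ValueError(f"non-contiguous wildcard: {wildcard}")
    prefix = 32 - wc.bit_length()
    base = int(ipaddress.IPv4Address(addr)) & ~wc & 0xFFFFFFFF
    return ipaddress.ip_network((base, prefix))

def audit_source_denies(acl_text):
    """Return [(prefix, verdict)] for each 'deny ip <addr> <wildcard> ...' entry."""
    findings = []
    for line in acl_text.splitlines():
        tok = line.split()
        if len(tok) < 7 or tok[0] != "access-list" or tok[2:4] != ["deny", "ip"]:
            continue  # permit lines and icmp/tcp entries are out of scope here
        if tok[4] in ("any", "host"):
            continue
        net = wildcard_to_network(tok[4], tok[5])
        if any(net.subnet_of(p) for p in RFC1918):
            verdict = "private"
        elif any(net.overlaps(p) for p in RFC1918):
            verdict = "over-broad: also denies public addresses"
        else:
            verdict = "not RFC 1918"
        findings.append((str(net), verdict))
    return findings

# Constructed sample ACL (not a capture from a real router).
SAMPLE_ACL = """\
access-list 107 deny ip 10.0.0.0 0.255.255.255 any log
access-list 107 deny ip 172.0.0.0 0.255.255.255 any log
access-list 107 deny ip 172.16.0.0 0.15.255.255 any log
access-list 107 deny ip 192.168.50.0 0.0.0.255 any log
access-list 107 deny ip 127.0.0.0 0.255.255.255 any log
access-list 107 permit ip any any
"""

if __name__ == "__main__":
    for net, verdict in audit_source_denies(SAMPLE_ACL):
        print(f"{net:18} {verdict}")
```

A wildcard of 0.255.255.255 on a 172.x address matches the whole 172.0.0.0/8, while the private block is 172.16.0.0/12, which is wildcard 0.15.255.255.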
 