Cisco Login Security

Securing a network means little if the edge router itself is left unsecured, so here are a few tips on how to secure Cisco's CLI remote management.
First, restrict access by IP address: create an access list containing the IPs you might be connecting from, then restrict access on the vty lines to that ACL.
Let's assume you'll need access only from
Cisco(config)# access-list 10 permit
Cisco(config)# line vty 0 4
Cisco(config-line)# access-class 10 in
That should make sure no one outside your network is able to access the router configuration. But what about inside your network? It is still possible to gain access to the router by running a number of attacks against it; to try and counter that we can use login restrictions.
Block all access after 2 failed login attempts within 1 minute, for a period of 300 seconds (5 minutes):
Cisco(config)# login block-for 300 attempts 2 within 60
Delay 5 seconds between each login attempt:
Cisco(config)# login delay 5
And of course log each attempt, both successful and failed:
Cisco(config)# login on-failure log
Cisco(config)# login on-success log
Another feature allows specific IPs to access the device even while it is in "quiet mode" (the block is active):
Cisco(config)# access-list 20 permit
Cisco(config)# login quiet-mode access-class 20



  1. thx guys
    you are great
