IP access-list

Unanswered Question
Jon Marshall Wed, 03/28/2007 - 03:52

Hi Ali

Could you give a few more details?

What are the source IP addresses?

What are the destination IP addresses?

What are you denying or permitting?

What type of kit are you applying the access-list on, e.g. router, layer 3 switch etc.?

Jon

royalblues Wed, 03/28/2007 - 04:25

Ali,

You would require a VTY access-list

e.g.

access-list 1 permit 10.100.100.150 0.0.0.0

access-list 1 permit 10.100.100.151 0.0.0.0

access-list 1 permit 10.100.100.152 0.0.0.0

access-list 1 permit 10.100.100.153 0.0.0.0

access-list 1 permit 10.100.100.154 0.0.0.0

access-list 1 permit 10.100.100.155 0.0.0.0

line vty 0 15 (or 4, depending on the platform)

access-class 1 in

transport input telnet

This would restrict the telnet access to the above 6 machines.

HTH, rate if it does

Narayan

Jon Marshall Wed, 03/28/2007 - 04:31

Hi Ali

If you are trying to restrict who can telnet onto the actual supervisor, Narayan is correct in the solution he provided.

If you are trying to stop telnet through the switches to another destination you would use an access-list.

HTH

Jon

royalblues Wed, 03/28/2007 - 04:38

Ali,

Actually it is an ip access-list.

If you want it to show as ip access-list then you can use

ip access-list standard permit-to-telnet

permit 10.100.100.150 0.0.0.0

permit 10.100.100.151 0.0.0.0

permit 10.100.100.152 0.0.0.0

permit 10.100.100.153 0.0.0.0

permit 10.100.100.154 0.0.0.0

permit 10.100.100.155 0.0.0.0

HTH, rate if it does

Narayan

Amit Singh Wed, 03/28/2007 - 04:36

Ali,

One thing that you can do is:

access-list 1 permit host 10.100.100.151

access-list 1 permit host 10.100.100.152

access-list 1 permit host 10.100.100.153

access-list 1 permit host 10.100.100.154

access-list 1 permit host 10.100.100.155

line vty 0 4

access-class 1 in

HTH,

-amit singh
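The replies above write the same kind of entry two ways (`permit <address> 0.0.0.0` and `permit host <address>`). The following is an added example, not code from any poster in this thread: a small Python evaluator for numbered standard ACL lines that shows how the wildcard mask and the implicit deny decide which source addresses an `access-class 1 in` would let reach the VTY lines. The sample ACL is constructed; its third entry, with wildcard 0.0.0.3, goes beyond the thread to show the general wildcard rule.

```python
import ipaddress

# Constructed sample: both entry styles from the thread, plus one
# wildcard entry (0.0.0.3) that is an assumption added for illustration.
SAMPLE_ACL = """\
Access-list 1 permit 10.100.100.150 0.0.0.0
access-list 1 permit host 10.100.100.151
access-list 1 permit 10.100.100.152 0.0.0.3
"""

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_standard_acl(text):
    """Return [(action, address, wildcard)] as integers, in configured order."""
    entries = []
    for line in text.splitlines():
        tok = line.lower().split()          # IOS keywords are case-insensitive
        if len(tok) < 4 or tok[0] != "access-list":
            continue
        action, rest = tok[2], tok[3:]
        if action not in ("permit", "deny"):
            continue                        # e.g. remark lines
        if rest[0] == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif rest[0] == "host":
            if len(rest) < 2:
                continue                    # malformed: no address after "host"
            addr, wild = rest[1], "0.0.0.0"
        else:
            # A standard ACL entry without a wildcard matches a single host.
            addr, wild = rest[0], rest[1] if len(rest) > 1 else "0.0.0.0"
        entries.append((action, _to_int(addr), _to_int(wild)))
    return entries

def evaluate(entries, source):
    """First matching entry wins; no match falls through to the implicit deny."""
    src = _to_int(source)
    for action, addr, wild in entries:
        care = ~wild & 0xFFFFFFFF           # wildcard bit 0 = must match
        if (src & care) == (addr & care):
            return action
    return "deny"

if __name__ == "__main__":
    acl = parse_standard_acl(SAMPLE_ACL)
    for host in range(149, 158):
        ip = f"10.100.100.{host}"
        print(ip, evaluate(acl, ip))
```
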
