Ip access-list

Unanswered Question
Jon Marshall Wed, 03/28/2007 - 03:52
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi Ali


Could you give a few more details.


What are the source IP addresses.

What are the destination IP addresses.

What are you denying or permitting.

What type of kit are you applying the access-list on eg. router, layer 3 switch etc.


Jon

royalblues Wed, 03/28/2007 - 04:25
User Badges:
  • Green, 3000 points or more

Ali,


You would require a VTY access-list

eg.

Access-list 1 permit 10.100.100.150 0.0.0.0

Access-list 1 permit 10.100.100.151 0.0.0.0

Access-list 1 permit 10.100.100.152 0.0.0.0

Access-list 1 permit 10.100.100.153 0.0.0.0

Access-list 1 permit 10.100.100.154 0.0.0.0

Access-list 1 permit 10.100.100.155 0.0.0.0


line vty 0 15 (or 4) .... depending on the platform)

access-class 1 in

transport input telnet


This would restrict the telnet access to the above 6 machines


HTH, rate if it does

Narayan

Jon Marshall Wed, 03/28/2007 - 04:31
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi Ali


If you are trying to restrict who can telnet onto the actual supervisor Narayan is correct in the solution he provided.


If you are trying to stop telnet through the switches to another destination you would use an access-list.


HTH


Jon

royalblues Wed, 03/28/2007 - 04:38
User Badges:
  • Green, 3000 points or more

Ali,


Actually it is an ip access-list.

If you want it to show as ip access-list then

you can use

ip access-list standard permit-to-telnet

permit 10.100.100.150 0.0.0.0

permit 10.100.100.151 0.0.0.0

permit 10.100.100.152 0.0.0.0

permit 10.100.100.153 0.0.0.0

permit 10.100.100.154 0.0.0.0

permit 10.100.100.155 0.0.0.0


HTH, rate if it does

Narayan


Amit Singh Wed, 03/28/2007 - 04:36
User Badges:
  • Cisco Employee,

Ali,


One thing that you can do is:


access-list 1 permit host 10.100.100.151

access-list 1 permit host 10.100.100.152

access-list 1 permit host 10.100.100.153

access-list 1 permit host 10.100.100.154

access-list 1 permit host 10.100.100.155


line vty 0 4

access-class 1 in


HTH,

-amit singh




Actions

This Discussion