Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
665
Views
0
Helpful
4
Replies

IP access-class question

akimalijbsk8r
Level 1
Level 1

‎09-08-2007 08:20 PM - edited ‎03-05-2019 06:21 PM

Good morning all. I have SwitchA (2950) and SwitchB (2950) connected via crossover. VLAN1 configs are as follows...

SwitchA - ip add 192.168.1.1/30

SwitchB - ip add 192.168.1.2/30

ip add 10.7.10.152/24 sec

SwitchA has the following access-list configured

access-list 1 permit host 10.7.10.152

ip access-class vty 0 15 in

When I try to telnet to SwitchA from SwitchB, I get denied. I used the following command

192.168.1.1 /source-interface vlan1

Is there a way to force telnet to use secondary ip address as the source instead of the interface to bypass the access-class block?

Labels:
0 Helpful
4 Replies 4

Edison Ortiz
Hall of Fame
Hall of Fame

‎09-08-2007 08:29 PM

No, you can't source from a secondary ip address when using the source-interface option within telnet.

I don't have a 2950 at the moment to test, but instead of creating a secondary IP address on Vlan1, can you create a loopback ?

0 Helpful

akimalijbsk8r
Level 1
Level 1
In response to Edison Ortiz

‎09-08-2007 10:07 PM

Thanks for that clarification. I'll have to try the loopback solution next week. Thanks again.

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to akimalijbsk8r

‎09-09-2007 01:25 PM

Akim

The 2950 switch is a layer 2 switch and as such I believe that it does not support the concept of loopback interface.

also I note that the syntax in your post is incorrect. Instead of this:

ip access-class vty 0 15 in

you would need this:

line vty 0 15

access-class 1 in

If you are trying to telnet from 1 layer 2 switch to another layer 2 switch I do not believe that you will be able to use secondary addressing.

I am not clear why you are attempting to use secondary addressing in this. If you want to permit one layer 2 switch to telnet to the other layer 2 switch why not just permit its management interface? Perhaps if you explain your environment and what you are trying to accomplish we might be able to help find a way to achieve it.

HTH

Rick

HTH

Rick
0 Helpful

akimalijbsk8r
Level 1
Level 1
In response to Richard Burts

‎09-09-2007 08:05 PM

Rick,

Thanks for catching my error in syntax. I did input it correctly in my lab though. There is/was no particular need for me doing that. The environment is stictly a lab (3 routers and 3 switches) and I was just playing with the access-class command. Was just curious if it could be done. Thanks for the reply! (I learn more from these forums than I would've thought!)

Akim

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card