ACL for Telnet Access

Unanswered Question
Jul 23rd, 2008

I was hoping to create an access list so that only a single IP address can telnet into the switch and all others would be blocked. I currently have a Catalyst 3550. Not having much luck. Any help would be appreciated.

Pari Thiagasundaram Wed, 07/23/2008 - 11:54


I would want you to "know what you are doing". Here is a link that might help you.

I'm sure if you google, you might get tons of configuration examples, but as a network administrator, you should know exactly the desired result. The chances are that things can go wrong if you didn't.

Good luck, hope that url helps.

glen.grant Wed, 07/23/2008 - 12:01

access-list 1 permit

line vty 0 15

access-class 1 in

srue Wed, 07/23/2008 - 13:02

even better:

access-list 1 permit

access-list 1 deny any log

michael.leblanc Wed, 07/23/2008 - 16:35

access-list 101 remark --- VTY access, host & protocol restricted.

access-list 101 permit tcp host aaa.bbb.ccc.ddd any eq telnet

access-list 101 deny ip any any log

line vty 0 15

access-class 101 in

transport input telnet

Would be preferable to use SSH (TCP 22) rather than Telnet (TCP 23) though.
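
An added example, not part of any post in this thread: a small Python check that reads a saved running-config and flags vty lines that lack the inbound access-class shown above, whose ACL has no logged deny entry, or that still accept Telnet. It assumes numbered ACLs only, as used in the thread; the sample config and the 192.0.2.10 address are constructed.

```python
import re

# Constructed sample running-config; 192.0.2.10 is a documentation address.
SAMPLE_CONFIG = """\
access-list 1 permit 192.0.2.10
access-list 1 deny any log
!
line con 0
line vty 0 4
 access-class 1 in
 transport input telnet
line vty 5 15
 transport input ssh
"""

def parse_vty_blocks(config):
    """Return {header: [sub-commands]} for every 'line vty' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = raw.strip()
            blocks[current] = []
        elif current and raw.startswith(" "):  # indented = belongs to block
            blocks[current].append(raw.strip())
        else:
            current = None
    return blocks

def audit_vty(config):
    """Return a sorted list of (vty header, finding) tuples."""
    acl_ids = set(re.findall(r"^access-list (\d+) ", config, re.M))
    logged_deny = set(re.findall(r"^access-list (\d+) deny .*\blog\b", config, re.M))
    findings = []
    for header, cmds in parse_vty_blocks(config).items():
        acl = next((m.group(1) for c in cmds
                    if (m := re.fullmatch(r"access-class (\S+) in", c))), None)
        if acl is None:
            findings.append((header, "no inbound access-class"))
        elif acl not in acl_ids:
            findings.append((header, f"access-class {acl} references undefined ACL"))
        elif acl not in logged_deny:
            findings.append((header, f"ACL {acl} has no logged deny"))
        transport = next((c.split()[2:] for c in cmds
                          if c.startswith("transport input")), None)
        if transport is None:
            findings.append((header, "no explicit transport input"))
        elif "telnet" in transport or "all" in transport:
            findings.append((header, "telnet permitted on transport input"))
    return sorted(findings)
```
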

