ACL for Telnet Access

Unanswered Question
Jul 23rd, 2008

I was hoping to create an access list so that only a single IP address can telnet into the switch and all others would be blocked. I currently have a Catalyst 3550. Not having much luck. Any help would be appreciated.

Pari Thiagasundaram Wed, 07/23/2008 - 11:54

Michael,

I would want you to "know what you are doing". Here is a link that might help you.


http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080100548.shtml#configurationex


I'm sure if you google, you might get tons of configuration examples, but as a network administrator, you should know exactly the desired result. The chances are that things can go wrong if you didn't.


Good luck, hope that url helps.

glen.grant Wed, 07/23/2008 - 12:01

access-list 1 permit xxx.xxx.xxx.xxx

line vty 0 15

access-class 1 in

srue Wed, 07/23/2008 - 13:02

even better:

access-list 1 permit xxx.xxx.xxx.xxx

access-list 1 deny any log

michael.leblanc Wed, 07/23/2008 - 16:35

access-list 101 remark --- VTY access, host & protocol restricted.

access-list 101 permit tcp host aaa.bbb.ccc.ddd any eq telnet

access-list 101 deny ip any any log


line vty 0 15

access-class 101 in

transport input telnet


Would be preferable to use SSH (TCP 22) rather than Telnet (TCP 23) though.
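
An added example, not part of any poster's reply: a small Python check that reads a saved configuration and reports vty ranges that lack an inbound access-class, reference a numbered ACL with no entries, or still allow Telnet. The function name `audit_vty`, the sample config and its 192.0.2.10 address are constructed for illustration, and only numbered `access-list` entries are recognised.

```python
import re

# Constructed sample config (documentation-range address), not taken from the thread.
SAMPLE_CONFIG = """\
access-list 101 permit tcp host 192.0.2.10 any eq telnet
access-list 101 deny ip any any log
line vty 0 4
 access-class 101 in
 transport input telnet
line vty 5 10
 access-class 102 in
 transport input ssh
line vty 11 15
 transport input ssh
"""

def audit_vty(config):
    """Return sorted (vty_range, finding) pairs for weak vty access control."""
    # Numbered ACLs that have at least one permit/deny entry in this config.
    acls = set(re.findall(r"^access-list (\d+) (?:permit|deny)\b", config, re.M))
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"line vty (\d+)(?: (\d+))?\s*$", line)
        if m:
            current = f"{m.group(1)}-{m.group(2) or m.group(1)}"
            blocks[current] = []
        elif line.startswith(" ") and current:
            blocks[current].append(line.split())  # sub-command of the vty block
        else:
            current = None  # any other top-level line ends the vty block
    findings = []
    for rng, cmds in blocks.items():
        inbound = [c[1] for c in cmds
                   if len(c) >= 3 and c[0] == "access-class" and c[2] == "in"]
        if not inbound:
            findings.append((rng, "no inbound access-class"))
        for acl in inbound:
            if acl not in acls:
                findings.append((rng, f"access-class {acl} has no permit/deny entries"))
        for c in cmds:
            if c[:2] == ["transport", "input"] and {"telnet", "all"} & set(c[2:]):
                findings.append((rng, "telnet allowed inbound"))
    return sorted(findings)

if __name__ == "__main__":
    for rng, finding in audit_vty(SAMPLE_CONFIG):
        print(f"line vty {rng}: {finding}")
```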

