
ACL for Telnet Access

m.sienkiewicz
Level 1

I was hoping to create an access list so that only a single IP address can telnet into the switch and all others would be blocked. I currently have a Catalyst 3550. Not having much luck. Any help would be appreciated.

5 Replies

Michael,

I would want you to "know what you are doing". Here is a link that might help you.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080100548.shtml#configurationex

I'm sure if you google, you might get tons of configuration examples, but as a network administrator, you should know exactly the desired result. The chances are that things can go wrong if you didn't.

Good luck, hope that url helps.

glen.grant
VIP Alumni

access-list 1 permit xxx.xxx.xxx.xxx

line vty 0 15

access-class 1 in

even better:

access-list 1 permit xxx.xxx.xxx.xxx

access-list 1 deny any log

michael.leblanc
Level 4

access-list 101 remark --- VTY access, host & protocol restricted.

access-list 101 permit tcp host aaa.bbb.ccc.ddd any eq telnet

access-list 101 deny ip any any log

line vty 0 15

access-class 101 in

transport input telnet

Would be preferable to use SSH (TCP 22) rather than Telnet (TCP 23) though.

nbitbyte
Level 1

Hello,

ip access-list extended 101

permit tcp host a.b.c.d any eq 23

deny ip any any log

line vty 0 15

access-class 101 in
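
The replies above apply the access-class to line vty 0 15; any VTY stanza left without one stays reachable from every source. The following Python script is an added example, not part of any reply in this thread: it audits a saved running-config for VTY stanzas with no inbound access-class, an ACL that permits any source, or Telnet still enabled. The sample config, the 192.0.2.10 address and the function names are constructed for illustration, and the parser only handles the ACL forms shown in this thread.

```python
import re

# Constructed sample (not from the thread): vty 0-4 restricted, vty 5-15 left open.
SAMPLE = """\
access-list 1 permit 192.0.2.10
access-list 1 deny any log
line vty 0 4
 access-class 1 in
 transport input telnet
line vty 5 15
"""

def parse_acls(cfg):
    """Map ACL id -> [(action, rest)], numbered and 'ip access-list' forms."""
    acls, name = {}, None
    for line in cfg.splitlines():
        m = re.match(r"access-list (\S+) (permit|deny) (.+)", line)
        s = re.match(r"ip access-list (?:standard|extended) (\S+)", line)
        e = re.match(r"\s+(permit|deny) (.+)", line)
        if m:
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
        elif s:
            name = s.group(1)
        elif e and name:
            acls.setdefault(name, []).append((e.group(1), e.group(2)))
        elif not line.startswith(" "):
            name = None  # left the named-ACL stanza
    return acls

def source_is_any(rest):
    """True if an ACE's source is 'any' (extended ACEs start with a protocol)."""
    t = rest.split()
    return (t[1:2] if t[0] in ("ip", "tcp", "udp", "icmp") else t[:1]) == ["any"]

def audit_vty(cfg):
    """Return [(vty range, finding)] for each 'line vty' stanza in cfg."""
    acls, findings = parse_acls(cfg), []
    for first, last, body in re.findall(r"^line vty (\d+) ?(\d*)\n((?: .*\n?)*)", cfg, re.M):
        rng = f"vty {first}-{last or first}"
        cmds = [c.strip() for c in body.splitlines()]
        acl = next((c.split()[1] for c in cmds if re.fullmatch(r"access-class \S+ in", c)), None)
        if acl is None:
            findings.append((rng, "no inbound access-class"))
        elif acl not in acls:
            findings.append((rng, f"ACL {acl} has no entries in this config"))
        elif any(a == "permit" and source_is_any(r) for a, r in acls[acl]):
            findings.append((rng, f"ACL {acl} permits any source"))
        if any(re.match(r"transport input .*\b(telnet|all)\b", c) for c in cmds):
            findings.append((rng, "telnet allowed; SSH is preferable"))
    return findings
```

Calling `audit_vty(SAMPLE)` reports the Telnet transport on vty 0-4 and the missing access-class on vty 5-15.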
